Open online surveys can be distributed via a whole range of methods. You’re not just limited to email! This means you have opportunities to be creative and try out different ways as you reach out to more interactive audiences. Take a look at our ideas and share yours with us.

Social media

Facebook

Facebook is the world’s most popular social media network with over 2 billion active users every month. That’s a huge collection of sociodemographic data for your surveys! However, the organic reach on Facebook is not what it used to be and won’t be sufficient for distributing your online surveys. These days, Facebook’s real potential lies in paid posts and ads. Facebook offers impressively extensive and detailed options for targeting, which enables you to pinpoint the exact audience you want to reach.

LinkedIn

Since its launch in 2003, LinkedIn has gathered over 547 million professional users and one million company profiles. These volumes are very interesting if your surveys research professionals and industries. Within LinkedIn you can share a survey as a company update, a personal post, banner, text ad or send it directly to selected individuals as a private message.

Twitter

Twitter’s audience comprises 310 million monthly active users. It is more diverse as engages consumers and professionals alike. Within Twitter you can use ads to target people based on their location, age, gender, device or keywords.

WeChat

In China, some market research organizations use a local social media network called WeChat to distribute online surveys. The WeChat messaging app is massively popular in China with 768 million active users every day.

Most popular messaging apps per country

Although WeChat’s network structure is often compared to WhatsApp or Facebook, it is, in fact, very different. The WeChat app has been evolving into a full-service platform as it strives to be everything at once: a place for chatting, shopping, gaming and banking. Alongside a wider range of services, WeChat’s users benefit from easy integration with other apps, including Facebook.

All this makes WeChat a fantastic opportunity for engaging different audiences across China. For example, if your organization has a company page on WeChat with followers, then it’s possible to display your survey link either on your page or send it directly to followers via a private WeChat message. To incentivize followers to respond the survey, you can redirect them from the WeChat app to the company’s website where a reward awaits.

Even though this idea is easy to implement, it still requires a bit of technological knowledge. You can take advantage of our experience with this solution by deploying your WeChat project through Nfield Online.

WATCH OUT

WhatsApp currently holds the status of being the most popular messaging app in the world.  The Facebook Corporation bought WhatsApp a few years ago and in 2016 partly integrated user accounts across the two apps. Even though this has happened, the Facebook Corporation remains very cautious about privacy and spammy user experiences and doesn’t allow third-party ads to be displayed in WhatsApp. Compared to WeChat, WhatsApp’s commercial usage is more restricted and it doesn’t allow for distribution of online surveys in the same way – at least for now.

Physical touchpoints

Offices, reception desks, shops and presence at trade shows, seminars and other industry events are all physical touchpoints between companies and potential survey respondents. Printed materials, interior décor, products and touch screens all provide opportunities for inviting survey participation. Which means you can turn any physical environment into a place for conducting everything from customer or employee satisfaction surveys to product research.  

QR codes

Quick Response (QR) codes are those digital squares you find in all kinds of places. The square contains a unique two-dimensional, usually black and white code, which can be read via dedicated QR barcode readers and smartphones. You can easily generate unique QR codes for your surveys with simple tools such as www.qr-code-generator.com. These can then be printed on business cards, product sheets, leaflets, posters, packaging and even products, and displayed in exhibition booths, reception areas, around premises, on vehicles and more.

It’s worth remembering that printed QR codes will remain in circulation for an indefinite period of time. This means they are only appropriate for surveys which will remain active for a long time, such as ongoing consumer satisfaction surveys.

Because people usually read QR codes from their smartphones, the surveys these link to must be optimized for completion via a smartphone.

Beacons

Beacons make it possible to invite passersby to take a short survey about their current experience of a precise location in real time. For example, you can instantly survey visitors to buildings and events about their opinions of their immediate environment. A great opportunity everywhere from airports to trade shows to ask people for improvement suggestions.

Each Beacon is effectively a cheap, small Bluetooth transmitter. The standard broadcast range spans from a couple of centimeters to 100 meters. While GPS is a great tool for locating bigger targets on a map such as streets and buildings, Beacon technology enables you to pinpoint exactly where an individual is standing, even inside a building, to a precision of one meter.

Beacons don’t follow people, they search for devices within their range. When they detect nearby smartphones and tablets, they send out a message which has been designed and saved in the Beacon. However, this is a one-way transfer. Beacons don’t receive messages from the nearby devices. This means that the survey invitation you send from a Beacon has to redirect the recipient from the Beacon message to the first question of the survey, because the Beacon cannot receive and save the survey responses themselves.

Every smartphone or tablet is a potential receiver of Beacon messages, but they will only work is they have:

• the Bluetooth function activated
• a mobile app installed which receives and acts upon Beacon signals.

The two biggest players in the beacon market are Apple with iBeacon and Google with Eddystone. The latter is better suited for market researchers. Messages coming from Eddystone Beacons are automatically picked up by the ever-present Google Chrome app. So you don’t have to build your own app. In contrast, Apple’s iBeacon solution requires a specially designed app to interact with the Beacon’s messages.
https://developer.apple.com/ibeacon/
https://developers.google.com/beacons/

Share your ideas

Do you have other creative ways of distributing survey invitations? Maybe there’s more we can do to help you integrate these with Nfield Online? Tell us about them by emailing info@nipo.com

Distributing online surveys via email has become the most common way to reach an audience. While emailing itself is an easy method, professional survey systems provide more sophisticated options to help you achieve your desired results. Here’s what you need to know about the two most important ones.

<1/> Open survey distribution

Open survey distribution boosts the organic reach of your surveys.

A survey is shared with anybody through one identical URL link, which is universal, public, and therefore anonymous. In the Nfield Online survey system, you copy the URL of the survey and paste it as a link directly into the email you send out.

The simplicity and uniformity of this link allows you to:

• encourage recipients to invite friends and colleagues to participate in the survey, simply by sharing the original email invitation
• distribute the survey through channels other than email. Typically via social media and websites

However, these two opportunities also mean you lose the control of the survey’s distribution. You can’t send out a reminder because you don’t know all the recipients it’s reached, or who has already completed the survey. The absence of tracking has one other major implication: a recipient can do the survey more than once.

Please note that the open distribution method is best used for surveys with a limited email list.

<2/> Closed survey distribution

Closed survey distribution gives you more control.

A survey is shared though a set of URL links only with known recipients. Each URL link has a different unique ending which corresponds to a different individual recipient invited to take the same survey. In professional market research, these unique endings are known as respondent keys.

This system of unique links enables you to monitor the survey activity of every recipient. This means you also know what is happening throughout the entire recipient pool, so you can send out appropriate reminders at every stage to those who:

• haven’t opened the survey invitation
• opened the invitation but haven’t started doing the survey
• started doing the survey, but haven’t completed it

Nfield Online prevents recipients from responding more than once to the same survey’s questions. In the case of recipients who started but did not yet complete the survey, it also enables you to send them a reminder which takes them directly to the point where they stopped. All this results in clean and more credible survey data.

Because of these specifics, closed surveys cannot be distributed through any other channel. You always need an email list that is big enough to satisfy the survey’s requirements. In many cases, the company’s customer database is perfectly sufficient. But when it isn’t, the solution for professional market researchers is to use the services of sample providers.

Respondent keys

A respondent key is a random combination of characters and/or numbers added to the end of the survey link. It’s this combination which makes each survey link unique, even though it points to the same survey. This uniqueness enables Nfield Online to identify recipients and ensure that only those who were directly invited can participate in the survey.

domain.com/survey-about-pets/respondentkey1
domain.com/survey-about-pets/respondentkey2
domain.com/survey-about-pets/respondentkey3

Sample providers
 
Sample providers administer extensive databases of individuals who at some point agreed to participate in surveys. Their databases usually contain basic sociodemographic data by which email lists are filtered. Sample providers also perform more detailed and time-consuming pre-selection of individuals according to survey requirements.
 
Thanks to unique respondent keys, once a survey project is finished, market researchers can inform their sample providers about which recipients didn’t start the survey or unsubscribed from the email list. This information is very important for a good email reputation and the privacy rights of recipients.
 
In addition to the administration of contact databases, sample providers incentivize recipients to participate in surveys. Respondents are typically redirected by Nfield Online to the sample provider’s website after completing the survey.  

Don’t miss: Email reputation

Even when you use Nfield Online to send your survey invitations to a contact list, it doesn’t necessarily mean all your invitations will arrive in their intended inboxes. As with any other marketing and sales emailing activity, the distribution of surveys through email is inspected under a set of rules known as email reputation. These rules decide whether the email is successfully delivered to inboxes, diverted into spam folders or blocked.

Email reputation directly affects the success of your online research, so make sure you find out everything you need to know in our two articles:

• Why email reputation matters to market researchers 
• How to build a good email reputation

Your email reputation score directly affects how many of your survey invitations actually arrive in people’s inboxes. If you have a bad email reputation score, your survey will be diverted into spam folders or may even be blocked completely. The result of which is the people you hoped to participate in your survey will never see your invitation. So you’ll never receive their responses and your survey conclusions will be less complete. Here is a handy guide to looking after your email reputation, so your surveys can be more successful.

Your destiny is in your hands!

Every Nfield Online customer gets a new Nfield Online domain to set up surveys, manage respondents, send out survey invitations, monitor respondents and gather collected responses.

Your Nfield Online domain is unique and can only be accessed by you, the owning customer. We don’t even have the right to look inside its administration unless you specifically ask us to do so for customer service purposes. This means you have complete control over your Nfield Online domain’s email reputation.

We understand this may seem like a daunting responsibility if you are new to the topic of email reputation. But don’t worry! Nfield Online is equipped with tips to guide you through. We’ve also compiled the handy guide below on how to successfully build a good, everlasting email reputation.

Step 1: Identity

Identifying where an email has been sent from plays a major role in email reputation. Recipients have a right to know who’s contacting them. And email service providers endeavor to ensure this happens by checking you are who you say you are.

State who you are

Absence of a physical address and/or signature in an email will add to its spam rating. To protect your email reputation, we have made this field mandatory in Nfield Online. Our survey system doesn’t allow you to send out emails unless you provide the company’s real name and physical address.

Specify your sender email address

Nfield Online survey invitations allow you to choose which email address they are sent from. Because this information must be provided, the default ‘From’ field is automatically filled in with noreply@yourNfieldOnlinedomain.com. If you wish, you can overwrite this with any valid address of your choice. Either at the default domain level or at individual survey level. So if you want to, you can send different surveys from different email addresses.

1. Your Nfield Online sender address

Because a new Nfield Online domain has never been used before, its email reputation is also completely ‘clean’. In fact, it’s even better: thanks to good technical practices at Nfield Online, all new domains are already rated 3 out of 5 when we hand them over. So if you decide to keep the Nfield Online sender address (e.g. companyname@nfielddomain.com), your first emails should arrive reliably. They are unlikely to be classed as spam unless you immediately adopt bad practices. But beware, as soon as you start using the Nfield domain, everything you do will influence its reputation moving forward. For better or for worse. So look after it well!

2. Your other sender address

If you choose to use a different email address (e.g. companyname@gmail.com), at any point, your survey invitations will be treated according to that address’s email reputation. So be sure to check whether the reputation of the address you want to use is good enough to reliably deliver your invitations.

Prove it’s really you

Spammers often pretend to be other people by spoofing their IP addresses and sending domains. Spam filters therefore check for ownership authentications when deciding what to do with an email.

Verify your emailing domain with:​​​

• Sender Policy Framework (SPF): This authentication enables owners to publish a list of IP addresses that can send emails on their behalf.
• Domain Keys Identified Mail (DKIM): The authentication method that proves an email originated at a specific domain and has not been changed during delivery.

This verification is an easy task for your system administrator. It’s only required once and must be done before you send out the first email. If you experience any difficulties in doing it, please contact us and we will help you out straightaway.

Step 2: Engagement

Email providers consider engagement as a crucial indicator of how welcome your messages are to their recipients. The way people interact with your emails, from whether or not they open them and click the links to whether they unsubscribe or mark them as spam, reveals whether or not they wish to keep them coming.

The best scenario for your email reputation is when recipients open and click the links. Unsubscribes, as long as you don’t have too many of them, are neutral. The very worst outcome is when recipients mark your messages as spam. Some email providers are very sensitive to this and only a few spam reports can send a reputation steeply downhill. As a sender, you need to do everything possible to prevent this from happening.

The two biggest influencers of engagement are the appropriateness of your database and how interested recipients are in the content of your messages.

Enable recipients to unsubscribe, simply and immediately

If somebody doesn’t want to receive your messages and you don’t make it easy for them to unsubscribe, they are likely to hit the spam button instead. To encourage unsubscribes over spam marking, we have made the ‘unsubscribe link’ field mandatory in Nfield Online survey correspondence. It’s worth remembering that if you only send survey invitations to people who are expecting them from you, the unsubscribe rate should be low anyhow.

Only send survey invitations to people who are into you

If you send survey invitations to people who either didn’t specifically give consent or aren’t interested in your survey activities, many of them will simply move the survey invitation from an inbox to a spam folder. This will damage your email reputation. It’s possible they might just unsubscribe instead. But if you have a very high unsubscribe rate this also may be damaging.

Clean your email database. Again, again, and again

• Unresponsive recipients
  • Before sending a survey invitation, remove any erroneous addresses from your database and check for validity by using tools such as those found at www.datavalidation.com or www.listwisehq.com.
  • After sending a survey, continuously monitor how recipients are behaving to identify those who are not taking action. Nfield Online closed surveys enable you to see which recipients didn’t open the email invitation or opened it but didn’t click though to the survey itself. This information can be found by clicking the ‘Manage respondents’ bookmark. Be sure to do this for every survey. If you identify recipients who are repeatedly unresponsive, you should consider removing them from the database because their lack of engagement is likely to be damaging to your email reputation.

• Unsubscribes
  Recipients who opted to unsubscribe can be seen in Nfield Online via the ‘Blacklist’. It’s vital that you make sure these people do not receive any more of your survey invitations. Delete them from your database or share the file with whoever is responsible for managing your panel respondents. It’s very rude to send these people more invitations and they keep getting them they are likely to hit the spam button, which is terrible for your email reputation of cours

• Spam reports
  Recipients who have complained about your email, usually by labeling it as spam, can be seen via Nfield Online’s ‘Abuse report’ which can be found within the ‘Manage respondents’ area. These recipients must also be removed from your database immediately.

Ask your sample provider about their database practices

Many researchers contract the services of sample providers to obtain contact details of suitable survey recipients. This transfers responsibility for the database’s administration to a third party. But it’s your reputation that will suffer if the contacts provided are not suitable. To protect these, it’s a really good idea to ask your sample provider about their practices for acquiring new contacts and maintaining their database.

Compose an eye-catching survey invitation

With so many emails, articles and shocking news stories constantly competing for attention, getting your survey invitation noticed is a tough job. To be successful in this, you need to be meticulous in every detail. The survey invitation must be visually appealing and instantly clear. Never just present it as unformatted text on a plain white background. Personalize, be straightforward and be honest. Briefly explain why you are contacting this recipient, why this survey matters (to them) and what you plan to do with the information they provide.

Step 3: Content

Composing emails which are suitable for multiple recipients is a specific discipline. The way you present words, images and other elements can have a huge impact on your recipients’ behavior. And your email reputation.

Choose your words carefully

Avoid words which are typically found in spam such as ‘urgent’ and ‘for free’. If you look at the emails which have arrived in your own spam folder, you can get a good idea of which words repeatedly appear. These are likely to be the red flags which lead email service providers into believing an email is spam.

Write an appealing subject line

The right choice of words for your subject line is even more important. This line should be short, clear (to the point) and personalized. In a world of short attention spans, it’s essential your recipient can instantly identify your message as interesting to them. Otherwise they may not even bother to open it.

Avoid ‘dirty’ formatting

• WRITING IN ALL CAPS
• exaggerated punctuation!!!???
• using too many different font colors
• using large font sizes (anything greater than 10pt or 12pt)

Don’t let pictures take over

Pictures can be great attention grabbers, but when they are too large or there are too many of them in an email, the spam alarm bells can start to ring. Many email providers block pictures from appearing automatically, which cancels their impact as recipients don’t even see them.

Use original URL links

Avoid using URL shorteners (such as bitly) in emails. Spammers frequently abuse these tools, which means email providers will count them against you.

Keep your email’s HTML code clean

This means ensuring the HTML code only contains directly relevant instructions. If you copy-paste styled text from a Word file straight to your email, the HTML will include all kinds of irrelevant formatting elements, which have a negative impact on your email reputation score. To avoid this, either compose your email text directly in Nfield Online or copy-paste it from Notepad and then style the formatting in Nfield Online.

Step 4: More bite-sized tips

Ultimately, learn a few practical tips that may impact the success of your survey invations. These tips are not topic-specific and give you the references on useful websites and contacts you may need when discovering how to make your email delivery spotless.

Build up slowly and carefully

Starting safely with sending your Nfield Online survey invitations is a good exercise for enhancing your email reputation and developing good habits. If you limit your first survey invitations to recipients you know you can rely on to engage, you set yourself up for giving email service providers a positive impression.

If possible, perform this ‘reliable respondent’ exercise more than once to really boost your email reputation. This will give your future distributions a much better chance of getting straight to their intended inboxes. If you commence your survey invitation activity by sending an invitation to a bad quality database, your email reputation will rapidly spiral downwards. And that can be a very hard thing to undo.

Be a predictable communicator

Random and erratic emailing activity will bring your reputation down. Try to establish a consistent email sending routine, as distribution spikes won’t help your email reputation.

Forget trials

There’s no such thing as a ‘trial email’ when comes to email reputation. Every testing round is real to email service providers and absolutely every sent email is evaluated. Regardless of the purpose, treat every email as a VIP.

Check your sender reputation score

This score is calculated using traditional email metrics such as unsubscribes and spam reports. The sender score is on a scale from 1 to 100 – the higher the better. Emails with a score lower than 70 aren’t usually delivered to inboxes.
www.senderscore.org

Test for technical errors

Technical errors can also be bad for email reputation. Test how your email looks on different platforms and devices before sending it. Check the technical report for errors. Correct these and test again, until it’s perfect.
www.litmus.com or www.mail-tester.com

Could you be on a blacklist?

If things go extremely wrong with your emailing practice, your survey domain can end up on a blacklist. This would result in your emails being blocked as you are considered to be a serious abuser. If you find yourself experiencing serious delivery problems, please let us know and we will check whether your domain has found its way onto any blacklists.

Say ‘hello’ to NIPO team members

We are happy to help, guide you through and receive feedback on your emailing experiences via Nfield Online. Feel free to contact our team members at info@nipo.com or go straight to your regular NIPO contact person.

“Sorry, I’m giving up on this!” I was responding to an airline’s flight experience survey via my mobile phone. The airline in question had taken good care of me and enabled me to carry my precious cat as hand-luggage from Hong Kong SAR to Amsterdam. I was willing to give them a great rating for every aspect of my experience, from booking to food to inflight service. But during the process of answering their questions, I reached my tolerance limit for the task. Providing a seemingly endless stream of responses within a continuous grid layout was simply too mundane and boring.

I got to the point where I was just entering random responses in a quest to get to the end. Which did nothing for the accuracy of their results and lowered my overall glowing perception of the company. Nobody gained anything.  

Why mobility matters

The use of mobile devices is continuing to grow rapidly and is a not-to-be-ignored element in the online communication mix. In some parts of the world, mobile now exceeds the use of traditional desktop machines.

Go to StatCount to find out how the mobile coverage is defined in your region.

So how does this impact your surveys?

Because mobile devices have smaller screens than desktops and are often used away from the calm, static office environment, they need to deliver content in a way that’s more instantly digestible and engaging to keep users focused. When it comes to surveys, long, boring-looking questions are doomed to failure, as they demand too much effort. User attention is best achieved by keeping them entertained.

For this reason, you need to think a lot more carefully about how to approach and design surveys. Yes, you’ll need to invest time and effort, but the rewards will be noticeable, with significantly higher response rates and better quality answers.

Go mobile first

You’ve probably heard of the term “mobile first”. This refers to the principle of initially designing all content to meet the needs of mobile users, then adapting it afterwards for desktop consumption.

Designing surveys in this way starts with considering the specific requirements of mobile users. For example:

1. The survey needs to be kept short. Completion must be possible in under 5 minutes
2. Each page must be easy to read and fit comfortably on a small screen, without scrolling
3. Avoid large tables with endless statements
4. Use simple sentences and only ask what you really need to know
5. Surveys need to be as interesting and engaging as possible. This can be achieved through techniques such as gamification, easy-to-use interface and variety of question types

The solution is right here!

Nfield surveys are designed to accommodate a mobile first strategy, while continuing to satisfy desktop users. For a start, our layouts are fully responsive to all screen sizes and device types. You only have to create your survey once, while Nfield automatically detects the nature of the screen it’s being viewed on and presents the most appropriate layout. So every user experiences your survey in an optimal way, no matter what device they are using, even if they switch mid-completion.

Switching between devices while continuing the same activity is a recognized phenomenon. Just as Netflix lets you seamlessly continue your viewing as you switch between television, tablet and phone, Nfield lets survey respondents start on one device and continue on another. This relieves pressure on respondents to complete the survey while on-the-go. Their already-entered answers are stored and they can continue right where they left off, on any device.

What’s more, Nfield makes the most of mobile respondent behavior and delivers a range of additional benefits, including:

• capturing on-the-spot feedback from customers
• obtaining faster responses
• achieving better coverage of some demographic groups
• enabling improved quality checks (for field work) with photographic and GPS evidence

More of what your mobile users need

By ensuring your surveys truly meet the needs of mobile users, Nfield sets you up for survey success.

More fingertip-friendly

“Clickable” on-screen elements are very reactive and easy to use, without the need to trigger the magnifying glass feature offered by some devices. 

Nfield capitalizes on mobile users’ instinctive actions by presenting functionality in similar ways to commonly used apps. For example, questions can be answered by drag-and-drop or by swiping, thereby adding variety and keeping users engaged. 

More Graphics

Images play a big part in giving respondents an enjoyable and engaging experience. But it is essential to keep your image file sizes to a minimum. No one wants to wait for an 8 MB image to load before getting on with the survey! There are many programs available for reducing image size without losing sharpness or causing distortion.

Once you’ve taken care of the size of your image data, Nfield takes care of the size of your image on the screen, automatically adjusting each one to fit. So no matter what device or screen size your respondent is using, they always get a perfect view without having to scroll.

Nfield also enables the use of images for answering multiple code questions. Sometimes using icons (with single color) can be a good way to reduce boredom and improve the experience.

More variety

Nfield provides a good variety of question types to make the whole experience for your mobile respondents more engaging.

You can use drag-and-drop, image maps, sum sliders, star-ratings, matrices and more. Mixing these up within a survey creates variety which keeps the respondent more attentive and focused, which will result in better data quality. 

Nfield even takes care of matrix questions, which can be a real problem on mobile devices if not correctly resized. By automatically re-structuring these into a card presentation for mobile devices, Nfield makes matrix questions as easy as any other to answer. Readable, finger-tip friendly and fully aligned with the mobile first principle. 

Nfield takes you further

Are you looking to improve your response rates? Are your surveys delivering an enjoyable experience to respondents? Feel free to share your example with us so we can examine it together and identify where improvements can be made.

You can now connect and query an external source during an online interview in Nfield. A much sought-after feature by many of our customers. Forget about complex list and algorithm management in the script. Instead connect to a web service to consult up-to-date lists of e.g. car brands or postal codes and apply these in the Nfield interview.

Click on the link below to do a (short) survey on crypto currencies that monitors the real-time value of your wallet as you are progressing through the questions.

Check our demo survey that highlights this new and powerful feature in action.
Click here!

Because the amount of data sources / APIs / systems that you may wish to query is endless, we have implemented a standard way to pass parameters, consume responses and a configure secure HTTPS endpoints. This way you get predictable performance at maximum flexibility.

HTTPS endpoints can be configured for the whole domain. The configuration is as simple as adding a URL and one or more named headers and values. These headers can be used for example to pass along an API key or a JWT token. Nfield does not attach any meaning to the configured headers; it simply sends them. As an extra measure of security domain administrators can see which headers are configured, but the value will be masked once entered and saved.

Because we have standardized the interface, you may need to develop bridging applications between the source you try to connect and Nfield. In calling an API you can pass your own parameters and values. The result format however is strictly defined. The JSON output from your web service or API to Nfield must be data: {xxxxx}. Nfield cannot process anything else (e.g. result: {xxxxx} or location: {xxxx}). In this case you either must find another API that does provide date output in the required format or -more likely- create a bridging layer that re-formats the data output. The NIPO Support team is available to explain how to do this.

Trust is critical in market research, especially with regards to raw data. Your respondents trust you with all kinds of sensitive data about their lives, you need to be able to trust us to keep that data safe. That is why NIPO is committed to offering the most secure survey solutions for the professional market research industry. Our ISO 27001:2013 certification is strong and independent proof in how we are leading the area of data security.

Nfield includes features to assist you in your efforts to address GDPR controls. Such features include the ability to search cross surveys for respondents, to delete or pseudomize interviews and to anonymize data in surveys.

Our goal is simple: To provide functionality in nfield so our customers can address GDPR controls without having them compromise on data collection efficiency.

For this we created a booklet, we call it our Nfield GDPR toolkit, that highlights the Nfield features that can help you to address GDPR. A guide like this can never be 100% complete, so please feel free to reach out to your sales representative with any questions you might have around Nfield and its functionality.

Please note that this toolkit is not a replacement for legal advice. We recommend that, in case you have not done so yet, you seek legal advice on how GDPR applies specifically to your organization, and how best to ensure compliance.

We asked market research professionals if their organizations are ready for the rapidly approaching validation of GDPR, and what their thoughts are about this topic. This article, which presents the most interesting questions from the survey, is certainly worth your attention because the answers provide an interesting insight into the GDPR readiness of market research organizations. Where does your organization stand? How would you respond?

Question 1: How familiar are you with GDPR?

Response: 75% of market researchers is aware of GDPR.

NOTE! Nobody chose the “This is the first time I hear about GDPR” option, which shows how seriously market researchers take the new data security legislation.

Question 2: How well prepared is your organization for GDPR compliance?

Response: Some of you are GDPR-ready, but many still have enough to do.

NIPO! Our ISO 27001:2013 certification and strong data security measures show how seriously we take it. We’ve always made sure that everything in our organization and survey software solutions has been built from the start following the highest security standards. This has already placed NIPO at the top of the GDPR compliance scale as our systems have been proven to be GDPR-ready even before this new legislation began to worry the whole market research industry. Our team is currently working on strengthening instruments that will help our customers comply with GDPR without troubling their survey projects operations. We will inform our customers in detail about these developments soon.

Question 3: What challenges prevent your organization from accomplishing GDPR compliance?

Response: Understanding is the most difficult part.

NOTE!  GDPR was approved by the EU Parliament in April 2016, giving organizations a two-year transition period for making changes within their activities and processes to become compliant before the new standards come into effect in May 2018. We surmise that the robustness of the legislation, the risk of wrong interpretation, and the higher costs related to the changes deterred many organizations from starting the adoption on time.

Question 4: How strongly do you agree with the following GDPR benefits?

Response: GDPR benefit: a stronger company reputation.

Question 5: Do you think that GDPR will affect the number of people giving the consent for your market research activities?

Response: Problems with the acquisition of consent are expected.

TIP! Now more than ever it’s important to have an up-to-date contact database and establish an honest, mutually-rewarding relationship with respondents. Clean your contact list with https://www.datavalidation.com/ or any other tool, and be honest with you respondents, telling them why their opinions matter.

Question 6: Do you have any concerns about the security of data within your organization?

Response: Researchers are confident about the security of data within own organization.

NOTE! What’s interesting about this result is that the respondents are equally confident about the security of on-premise solutions as well as cloud solutions. In the past many organizations did not always trust cloud solutions. The investments in security and compliance of cloud providers seem to have changed organizations’ views.

Question 7: Thinking of the current platform you use to collect data from respondents, do you think that the platform is GDPR compliant?

Response: Trust in the compliance of the survey platform in use is higher than the factual knowledge about it.

Why all this matters?

GDPR, which refers to the General Data Protection Regulation, aims to protect and strengthen the privacy rights of EU citizens, that have been clearly affected by the intrusive developments of the digital age. It comes into effect on May 25, 2018, and non-compliant organizations risk hefty fines up to 4% of global turnover or €20 million, and huge damage to their business reputation.

Among other things, it says that market researchers are required to have consent of every EU citizen to collect, use and share his/her personal data. Each consent has to define what personal data, for which purpose, and for how long the market research organization is allowed to hold it. Learn more about the important aspects of GDPR in our articles:

• GDPR – what you need to know
• GDPR – the legal grounds for the collection of personal data
• GDPR – the techniques to protect personal data

Do you have more thoughts about GDPR? Suggestions? Or questions? Contact our team at info@nipo.com, we would be happy to hear from you.

Thank you for participating in our survey.

Disclaimer: This blog is made available by NIPO for the purposes of providing general information and a general understanding of GDPR, and should not be considered or used as a substitute for legal advice. NIPO does not accept any responsibility or liability for the accuracy, completeness, legality, or reliability of the information contained on this blog.

Welcome to the third post in our GDPR blog series. In the first post, we gave you an overall high-level look at GDPR. In the second post, we focused on the legal basis on which market researchers can process personal data. In this post, we will focus on pseudonymization and anonymization, specifically how these measures can help you protect individual’s personal data and comply with the GDPR.

Although similar, pseudonymization and anonymization are two distinct techniques that allow data controllers and processors to use data. The difference between the two techniques hinges on whether the individual data subject can be re-identified.

What is pseudonymization?

The concept of pseudonymization is one of the favoured techniques under the GDPR to minimize the amount of personal data that is held.

The GDPR defines pseudonymization as the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. It further provides that in order for the data to be pseudonymized, the data must be kept separately and subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. This means that the personal identifiers are removed from the data and stored in a separate database, and linkage to a specific individual will not be possible without the additional information that is held separately.

Although this technique detaches the link between the data and the data subject, pseudonymous data is still considered personal data under the GDPR because the detachment can be reversed and therefore, falls within the scope of the GDPR.

The application of pseudonymization to personal data can reduce the risks to data subjects concerned and help controllers and processors to meet their data protection obligations. The benefits of pseudonymization of personal data for controllers under the GDPR include:

• It is used as a safeguard for processing personal data for scientific, historical and statistical purposes.
• It is an important data protection by design feature used to implement the data protection principles such as data minimization.
• Controllers can use pseudonymization to help meet the GDPR’s data security requirements.

What is anonymization?

Anonymization of data means that it irreversibly destroys any way of identifying a data subject.

Data can only be considered anonymous if re-identification is impossible by the entity holding the data. Using anonymization, the resulting data should not be capable of singling any specific individual out, of being linked to other data about an individual, nor of being used to deduce an individual’s identity.

As long as the data is anonymized, it is outside the scope of the GDPR because anonymous data doesn’t include any personal data. Anonymization reduces any risks to data subjects, for example, where there is a data breach because the data cannot be linked to any specific individual.

In principle, organizations can use anonymized data for purposes beyond those for which it was originally collected and it could be used indefinitely as the data is no longer classed as personal data. In addition, once the data has been anonymized, then controllers do not have to respond to data subjects’ requests because they can no longer identify a data subject.

Conclusion

Pseudonymization techniques are different from anonymization techniques, however, they are both measures used to protect personal data and reduces any risks to the data subject. Both pseudonymization and anonymization are encouraged in the GDPR and enable GDPR compliance.

Disclaimer: This blog is made available by NIPO for the purposes of providing general information and a general understanding of GDPR, and should not be considered or used as a substitute for legal advice. NIPO does not accept any responsibility or liability for the accuracy, completeness, legality, or reliability of the information contained on this blog.

This is the second post in our GDPR blog series. In the first post, we gave you an overall, high-level look at GDPR. In this second post, we will focus on the legal basis on which personal data can be processed, more specifically on the legal bases that market researchers can rely on to process respondents’ personal data.

The GDPR provides several legal grounds on which the collection and processing of personal data can be based. In order to lawfully process personal data, at least one of these grounds must apply.  

The collection and processing of personal data are fundamental to the work of many market researchers. Therefore, it is imperative to know and understand what lawful basis can be used to process respondents’ personal data. For market researchers,the two most common lawful basesto process personal data are:

• Consent of the data subject (respondent)
• Legitimate interest of the data controller (market research company or its client) or a third party (client).

The approach to deciding what lawful basis researchers should use for processing personal data may vary by member states, as domestic markets may have different characteristics. Researchers need to assess what legal basis are most used within their individual jurisdiction, and comply with any national research code of conduct, in addition to the GDPR requirements.

Consent

Consent of respondents will often be used as the lawful basis for carrying out research in many EU member states. The GDPR retains the concept of consent contained in the 1995 directive, but raises the bar for considering it valid, by setting out additional requirements.

Under GDPR consent shall be:

• Freely given: It must reflect the respondent’s genuine and free choice, and he/she must be able to refuse or withdraw consent without detriment. There should be no element of coercion, if the consent was not freely given, then that consent will not be valid.
• Specific: Consent must be intelligible (easy to understand) and distinguishable from other matters like terms & conditions (no bundled consent). It must relate to specific processing operations. Blanket consent that does not specify the exact purposes of the processing is not valid consent.
• Informed: Respondents must be able to understand the extent to which they are consenting and be aware at least of the identity of the controller and the purposes of the processing.
• Unambiguous: It should not be open to more than one interpretation.
• Clear affirmative action: The respondents must do something to manifestly indicate that they agree to the processing of their personal data, such as by a written statement, including electronic means, or an oral statement. An example of a clear affirmative action is the ticking of a box. Silence, pre-ticked boxes or inactivity does not constitute valid consent under GDPR.

Where data processing has multiple purposes, consent should be given for all of them, unless such purposes are considered compatible. This essentially means that the data controller (market research company or its client) can further process personal data, where the purpose of the processing is compatible with the purpose for which the personal data was initially collected.  

EXAMPLE

If a company that produces chocolate wants to know, through a survey, how many adults (ages 18-40) eat their chocolates, it needs to obtain consent for the processing of the respondents’ personal data and specify to the individuals the purpose for which they will be using such data, which is to know how many adults in that age range eat their chocolates. After completing the survey, the chocolate company compiled a list of the people that eat their chocolate often, this list is then used for direct marketing (they send emails and posts to the individuals about their new products). This will be considered incompatible with the purpose for which the respondents’ personal data was collected because the chocolate company never informed the respondents that they would use the information collected from the survey for profiling or direct marketing, and the respondents did not give their consent for the use of their data for this additional purpose.

If the legal basis used is consent, researchers must understand what GDPR consent means and the fact that respondents will generally have stronger rights (right to erasure, right to data portability) where consent has been given.

Explicit consent needed for sensitive personal data

There is a higher threshold for consent when the processing involves sensitive personal data. The GDPR provides that the respondent must have given his/her ‘explicit’ consent, but it does not specify what ‘explicit’ consent entails. Therefore, existing interpretations and guidance from legal advisers and/or supervisory authorities should be consulted.

The Article 29 Working Party (an advisory body made up of a representative from the data protection authority of each EU Member State), in its guidelines on consent, provided that the term ‘explicit’ is the way consent is expressed by the data subject. This means that the data subject must give an express statement of consent. It further stated that, in order to make sure consent is explicit, the data subject must have given consent in a written statement (e.g. signed statement) or an oral statement.

EXAMPLE

Going back to the survey in the earlier example, let’s suppose the chocolate company also asked about health information (i.e. how many are diabetic) of the respondents, the purpose is to enable them to improve their products so their diabetic customers can continue to consume, but with reduced health implications. All health information is considered sensitive personal data under GDPR, and so before the data can be collected and processed, the individuals must have given their explicit consent for this use of the data (granularity will allow respondents to consent for each processing activity).

Children’s personal data is further protected under GDPR. If the research project involves respondents (children) that are below the age of 16 (age limit can change based on the jurisdiction), GDPR states that parental consent must be obtained in order for the processing to be lawful, if you intend to rely on consent.

Consent needs to be re-validated

The GDPR makes clear that consent is not a one-off compliance box to tick and file away, it is an ongoing actively managed choice. It is important to keep records of consent (i.e. how it was obtained, for what purposes and what was consented to).

Data subjects’ consent needs to be regularly reviewed to ensure that the consent is still valid. The GDPR does not give a timeframe for consent to be reviewed, this has to be determined by the controller (market research company or its client), taking into account its needs as well as the rights of individuals, and preferably included in its internal procedures.

Legitimate interests

The term “legitimate interest” refers to the reasonable business purpose that the market research company processing the personal data may have to process data. This may include a benefit inherent in the processing of the company itself or society at large.

The GDPR provides that the legitimate interests of the controller (or third parties) must be necessary for these purposes, except where such interests are overridden by the rights and freedoms of the data subject which require protection of personal data. This means that researchers need to determine whose legitimate interests (market research company or a third party) and understand what exactly the legitimate interests are.

Researchers using legitimate interests as a lawful basis, need to, first of all, do an assessment before processing any personal data of respondents. This assessment is referred to as a balancing test. The balancing test is weighing between what the controller considers a legitimate interest on the one hand, and what the rights of the data subjects are on the other hand.

The balancing test must always be conducted fairly, there are several factors that need to be considered, these include:

1. The nature of the interests of the controller and the reasonable expectations of the data subject (respondent). Is there already an existing relationship between the market research company and the respondent?
2. The impact of the processing on the respondents’ rights and freedoms and the severity of that impact; for this purpose, it is useful to consider the particular status of the respondent (i.e. a child, an employee, a customer etc.)
3. Safeguards which are in place or could be put in place: the market research company needs to ensure that there are appropriate technical and organizational measures in place that will protect the respondent, and mitigate any risks or potential negative impacts of the processing.

EXAMPLE

An example of legitimate interest is in a situation in which a market research company recalls respondents for quality control purposes, although the respondents have not consented to such recall. In this case, the legitimate interest of the market research company is to perform a quality control, while on the other hand, there are the rights of the respondents.

In order to ensure that the rights of respondents are not infringed, the balancing test needs to be applied: after identifying what the legitimate interest is (quality control), the market research company needs to look at what type of data is involved, and to put in place appropriate safeguards (among others encryption or pseudonymization) to protect the personal data of respondents. Only at this point, will it be possible to assess the existence of a balance and the consequent validity of the legitimate interest.

Conclusion

The GDPR provides several legal grounds on which personal data can be processed, however, when it comes to market research, not all the lawful basis can be used. Researchers need to identify which of the lawful grounds for processing can be used for the particular research project before processing any personal data of respondents. As explained above, in most cases, obtaining consent from respondents is the best option, while in other cases, using legitimate interests as a lawful ground may also be appropriate.

If legitimate interest is the legal basis chosen by the market research company for the processing of respondent’s personal data, then it must ensure that it has carried out a fair balancing test. If the balancing test shows that the controller’s interests do not outweigh the rights of the data subject, then legitimate interest cannot be relied upon and the market research company will have to use another lawful basis (e.g. consent) in order to process this personal data.

The relationship between reputation and business success is a well-known fact. While a good reputation improves sales performance and increases a brand’s value, a bad reputation can rapidly take a business downhill. Aware of this, many companies pay meticulous attention to detail when it comes to product quality and customer service. Yet they often overlook the need to also maintain a good email reputation, which directly impacts the ability to communicate online.

What is email reputation

Email reputation is a technical metric which email service providers use to decide the ‘credibility’ of sent messages. It is defined by a score relating to the sender domain (i.e. the “nipo.com” part of an email address).

This score, which can continually change, determines whether messages get delivered into recipients’ inboxes, spam folders or are even delivered at all. You can think of it a bit like a personal credit rating, which banks use to decide whether they should lend you money.

Why email reputation matters to market researchers

There’s no point in sending out a survey invitation if it won’t arrive in recipients’ inboxes. If your sender domain has a bad reputation, your message is likely to be swallowed into people’s spam folders or, worse still, be blocked from being delivered at all.

But if care has been taken to adopt good practices which result in a good email reputation, your survey invitations are much more likely to arrive in a place they’ll be seen, reaching recipients’ inboxes directly and without delay.

The sender domain’s email reputation can therefore make or break the success of your market research project.

Why the email reputation system was created

The ease and cost-effectiveness of using email to communicate with consumers and companies alike has led to staggering amounts of email traffic. There are currently 3 billion email users worldwide, and rising – approximately 50% of the planet’s population.  

Unfortunately, this simplicity and accessibility has given rise to spamming and dishonest emailing practices, by which irrelevant or unsolicited emails are sent, typically to a large number of recipients, for the purposes of advertising, phishing, and distributing malware. This has turned into a big business, with various reports estimating that spam messages account for 50 – 80% of the world’s email traffic.

Email service providers needed to do something to protect email recipientsfrom the influx of unwanted and dangerous emails, which has resulted in the email reputation system currently in use.

How email reputation works

Email reputation is the total result of combining a number of quantitative metrics designed to evaluate how honest and well-targeted emails from a particular domain are. The total score a domain accrues determines whether its outgoing messages are blocked, directed to spam folders or successfully delivered to inboxes.

Whatever role you work in, it’s worth understanding the two most fundamental aspects of email reputation:

• Email reputation measurement is primarily based on the sending domain (e.g. “nipo.com”) rather than individual email addresses (e.g. “person@nipo.com”). But there are no universal rules for achieving a good reputation because each email service provider (Google, Outlook, etc…) applies different, publicly unknown algorithms. This means that what works for one email provider won’t necessarily work for other email providers.
   

• An email reputation score is derived over a domain’s entire lifetime. It starts being calculated from the very first email sent from that domain, and continues to be adjusted with every email that goes out. The reputation can improve and decline over time, but the score can never be completely reset to start all over again. A domain which has earned itself a very bad reputation, at any point, will have to live with the consequences forever.

And this is one of the most difficult things with email reputation: it can take a long time to earn a good reputation, but it is possible to destroy it in an instant. Vigilance in responsible email practices needs to be applied at all times.

If you want impressive response rates, look after your email reputation!

Aspects which influence email reputation score

Events and aspects which are widely understood to damage email reputation include:

Recipients marking email as spam – The more times your emails are marked by recipients as spam, the more likely email service providers are to conclude that you’re sending unsolicited messages.

Poor email engagement – Email providers are interested in how relevant your messages are to their recipients, and they judge this by what percentage of the mails get opened. A low open rate is considered to mean recipients aren’t interested in them.

Invalid recipient addresses – Sending messages to invalid email addresses is fatal for your email reputation. It’s a clear sign that you don’t actually know who you are sending your messages to.

Type of email content – Email providers have become very skilled in identifying certain keywords and phrases which are likely to indicate an email as being unsolicited or dangerous. All messages are scanned for these.

Unverified sending domain – Dangerous senders often try to pretend to be someone they are not by using someone else’s domain. Many email service providers therefore block emails coming from an unverified sender domain.

Irregular frequency and volumeof emails – Because spammers don’t tend to have a consistent send frequency, email providers look at how often your messages are sent out. Changing the frequency may damage your email reputation.

Lack of history – If there is no history, email providers cannot draw any conclusions about your intentions. Remember that you start enhancing or damaging your email reputation from the first send-out.

How to build and maintain a good email reputation

The good news is that you can always have control over your email reputation.
To find out how, check out our practical guide on building a good reputation and ensuring smooth delivery of all your survey invitations sent out by Nfield Online.

The General Data Protection Regulation (GDPR) comes with strong implications for all kinds of industries, and the market research industry is no exception.  Since personal data collection is an essential part of many research projects, professional researchers and their survey software providers need to get prepared for the significant changes that are about to come. NIPO is convinced of the importance of GDPR compliance. Accordingly, we want to make sure that the NIPO organization and the Nfield platform are GDPR compliant.  This is an important benefit for our customers, however, on their part, they will also have to make sure their organization and services are compliant. In order to help customers with this, NIPO will share information about GDPR and provide advice. We will also keep our customers updated on how we are working to be GDPR compliant.  The GDPR becomes enforceable from 25 May 2018 after a two-year transition period, so get ready and read the most important GDPR information we selected especially for you. More Blogs will follow in the near future.

GDPR protects EU citizens privacy

GDPR is a new piece of regulation which will become law across the EU in May 2018. It replaces the 1995 EU Data Protection Directive. The aim of GDPR is to protect the fundamental rights and freedoms of all EU citizens, in particular, their right to the protection of personal data. It is a response to the public outcry over privacy and a common practice when some companies swap access to personal data for use of their services.

As a result, GDPR has been designed to give people more control over how their personal data is used and introduces tougher fines for non-compliance and breaches. It also makes data protection rules more or less identical throughout the EU.

Territorial and business scope

GDPR applies to any company that collects data from EU citizens regardless of the company’s location and country of origin. Typically, you can then think about four business scenarios:

1. The company resides/ is located in the EU and collects data from EU citizens – GDPR applies.
2. The company resides/ is located outside the EU (Asia, Americas, Australia, Africa) and collects data from EU citizens – GDPR applies.
3. The company resides/ is located in the EU and doesn’t collect data from EU citizens – GDPR doesn’t apply.
4. The company resides/ is located outside the EU (Asia, Americas, Australia, Africa) and doesn’t collect data from EU citizens – GDPR doesn’t apply.

Who is who in data collection

GDPR defines two roles: controllers and processors.

A data controller determines the purpose (why) and means (how) of the processing, while a processor is responsible for doing the actual processing of the data on behalf of the controller. So the controller could be any organization, from a profit-seeking company to a charity or government. A processor could be for example an IT firm doing the actual data processing.

Both controllers and processors have a responsibility to abide by the rules provided in GDPR. What’s new is that GDPR places direct compliance obligations on data processors for the first time at EU-wide level. So, now data processors are subject to liability if they fail to comply with their contractual obligations (e.g. failure to report a data breach) to their controllers.

Personal data definition

Before GDPR, the directive defined personal data as any information relating to an identified or identifiable natural person.

GDPR specifies and broadens the definition of personal data to include online identifiers (cookies, IP addresses etc.), genetic data (an individual’s gene sequence), biometric data (fingerprints, retinal scans etc.), location data (GPS etc.).

Other data, like economic, cultural or mental health information, are also considered personally identifiable information. Genetic and Biometric data are considered as Sensitive personal data under GDPR.

Stricter rules for consent

GDPR significantly toughens consent rules. Under GDPR, consent must be an active, specific, informed and unambiguous action taken by the EU citizen. This also means that the passive acceptance methods, such as pre-ticked boxes and opt-outs, are not allowed anymore. Also, controllers must keep a record of how and when an individual gave consent so that they can demonstrate exactly what and when someone agreed to.

New rights for EU citizens

Ultimately, GDPR puts the control of personal data back into the hands of EU citizens by introducing a number of new rights that bolster their position. The new rights especially affect how controllers can process and keep people’s data.

• The right to data access – EU citizens have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it’s stored for, and who gets to see it. Companies must be ready to provide such an information within one month since the EU citizen’s request is submitted.
• The right to be forgotten – EU citizens have the right to demand that their data be deleted if it is no longer necessary for the purpose for which it was collected. They can also demand that their data be erased if they have withdrawn their consent for their data to be processed. The controller is responsible for telling other companies who the data has been shared with, to delete any links to copies of that data, as well as the copies themselves.
• The right to prevent profiling – means that it is not allowed to process and connect data from different sources with the intention to create the profile of an EU citizen and use such a composed information.
• The right to rectify – EU citizens can ask that inaccurate data be rectified or incomplete data be updated.
• The right for data portability – allows EU citizens to obtain their data from the controller it was provided to, and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily to another controller in a safe and secure way, without hindrance to usability.

Rising fines

It is the responsibility of the controller to inform the local data protection authority of any data breach that risks people’s rights and freedoms within 72 hours of the company becoming aware of it. Those who fail to meet the 72-hour deadline could face a penalty of up to €10 million or 2% of their global annual turnover, whichever is higher.

For violations related to the lawfulness of processing (consent, legitimate interest etc.), data subject rights, and cross-border transfers, the data protection authority could issue a penalty of up to €20 million or 4% of their global annual turnover, whichever is higher.

Questions you need to ask and why they are important

There are several questions companies need to ask and answer in order to begin the process of compliance with GDPR, below you will find some questions that need to be considered:

1. What is the relationship between my company and NIPO, are we controllers or processors?
In the relationship between your company and NIPO, your company is the controller and NIPO is the processor. This means your company determines what data needs to be collected, and the purpose of collecting the data, and then NIPO processes the data collected on the Nfield platform.

2. Does my company process personal data? 
The first thing any company needs to know is whether or not it processes personal data. This is relevant in order for the company to identify what type of personal data it has, does it include sensitive data? where is the personal data stored? who has access to this data? is this data shared with third parties? do you transfer the data outside the EU? Knowing the answers to these questions will improve efficiency, and enable you to access the data and act on it quickly and reliably.

3. Which lawful basis for processing is used by my company?
GDPR provides several lawful bases (consent, legitimate interests etc.) for the processing of personal data. The company needs to identify which one it uses to process personal data. It is important to identify the lawful basis you use for processing because it has an effect on individual rights. For instance, if you rely on someone’s consent to process their data, they will generally have stronger rights (e.g. request to have their data deleted).

4. Does my company have any procedures in place to handle data subjects’ requests?
Is there a software already in place that allows data subject’s exercise their rights (e.g. right to be forgotten), is there a timesale to respond to data subject’s request (e.g. right of access)? Knowing if you already have procedures, will enable you to quickly respond to data subject’s requests, and if there aren’t any procedures in place, then you can begin to work on having new procedures.
 
5. Is my company prepared for a data breach?
In cases where there is a data breach, do you have mechanisms in place that detect data breaches? are there any processes in place to address data breaches? This is important because if you have mechanisms to detect data breaches, it allows you to address the breaches quickly and mitigate its possible adverse effects, where appropriate effectively.

Disclaimer: This blog is made available by NIPO for the purposes of providing general information and a general understanding of GDPR, and should not be considered or used as a substitute for legal advice. NIPO does not accept any responsibility or liability for the accuracy, completeness, legality, or reliability of the information contained on this blog.

Cyber attacks are continuing to increase globally in both number and scale, impacting all kinds of organizations in all kinds of industries. Every company is a potential target. Which means market researchers need to be as aware as anyone about the possible threats and take the necessary preventative action. This calls for being armed with the relevant knowledge and having a system which robustly protects survey data and, with that, company reputation.

A single “NotPetya” ransomware attack in June 2017 led to Nurofen maker Reckitt Benckiser taking an estimated EUR 110 million hit in revenue*. 

*source: the Guardian 6 July 2017

Just think about what would happen if your company falls victim to malware which compromises your entire fieldwork operation, causing irretrievable loss of your fieldwork and respondent data. Not to mention the damage done to your client relationships.

We did, which is why NIPO’s Nfield survey systems are designed to keep cyber attackers out. But optimal cyber security also depends on good human awareness of the threats, so people themselves do not become the vulnerable weak link. We therefore held a webinar about cyber security to educate our customers and help them protect their interests.

In this, NIPO explains why IT security in market research matters to you, provides guidance on what you can do to keep cyber attackers out and answers questions such as: 

• What are the probable external and internal cyber threats, and how could they damage your market research business?
• What is the correlation between the different types of infrastructure (on premise, hosted or cloud) and data security vulnerability?
• What is ISO 27001-2013 certification, and why is it so important and indispensable for your research business?
• Is there such thing as a “checklist” to run business securely?

Find out more
For more details on how NIPO ensures cyber security in its solutions and business, see the Nfield security factsheet. 

So what’s next?
If you would talk about whether your current solution meets the required security standards, then let us know. You can contact us at sales@nipo.com.

Sending interviewers to targeted locations requires specific distribution options within the software itself, all of which can be found within Nfield CAPI. Have you already heard about sampling points?

​Sampling points help you organize the fieldwork

In face to face interviewing, we refer to sampling points when talking about survey distribution. So what are sampling points?

From a technical perspective, sampling points are a way of categorizing interviews into certain groups (points). Categories could literally be anything: streets, areas, cities, or even experienced interviewers in one sampling point and less experienced interviewers in another.

In practice, sampling points are commonly used for a geographical distribution of interviews. The usage of sampling points helps you

• assure a geographical representativeness of the survey
• simplify the quota frame
• control the fieldwork and targets better.

Thanks to sampling points it’s easy to assign interviewers to interviews and control your fieldwork!

The geographical categorization helps to divide and manage the fieldwork and survey targets because interviewers may live in different areas or because you need to find respondents across a number of areas. 

For example, when working on an international project involving many countries (offices worldwide), one sampling point could be one country (one office) with many interviewers.

Or in another case, when working on a local project, the town could be divided into parts with each one assigned to a different interviewer as a sampling point.

Nfield CAPI offers various scenarios

The following examples are theoretical and meant to explain you the main differences.

1. Surveys without sampling points and without quota
Non-geographical distribution is defined and your interviewers can ask anybody and anywhere.

Typical situation: polls

Example 1 without quota and sampling points actually means no table at all.

2. Surveys without sampling points and with quota
Non-geographical distribution is defined by sampling points, but please note that a quota frame can still be used for geographical distinction. The fieldwork is controlled through the total target that is placed in the software.

Typical situation: the interviewers who live in different cities interview people who are randomly passing by

Example 2 with quota, but no sampling points

3. Surveys with sampling points and quota
Geographical locations with the targets as the sampling points (Amsterdam East, Amsterdam West, Amsterdam South) need to be uploaded first, and then a quota frame with sample characteristics (female, male) should be set up. The fieldwork should be controlled through sampling points, not the total target. The sum of the sampling points targets is your total target, but having the total in the software does not help you control the fieldwork better.

Typical situation:  a complex set-up used for international or national projects when a detailed distribution is needed

Example 3.1. with sampling points and quota, less items

Example 3.2. with sampling points and quota, more items

Computer-assisted-telephone interviewing (CATI) guides the interviewer step-by-step through the questionnaire, dials telephone numbers according to a certain criteria set and analyzes processes in the background to enhance your cost and operations efficiency. Did you know that…

..CATI has been around for more than 40 years?

Until the 1970s telephone data collection relied on the use of paper questionnaires, which were administered by interviewers over the telephone. The data from the paper questionnaires then had to be manually edited, keyed, and processed before results could be distributed.
 
As computers advanced, becoming smaller and more powerful, the concept of utilizing them to conduct surveys was pursued. From simple solutions with basic options, CATI soon evolved into complex engines, and NIPO is proud to own one of the most proven and renowned CATI solutions on the market today.

​Choose a solution that suits you best

When selecting a software solution, there are two options for conducting your telephone research: on premise or cloud CATI solutions. NIPO offers both options so you can choose the one that suits you best.

• On premise (NFS CATI solution): physical servers, CATI software and your survey data are stored and maintained within your own organization’s IT infrastructure, therefore you need to establish your requirements internally. Most CATI features are located within the CATI software, not the dialer itself, so you can connect a dialer of your choice to the software.

• Cloud (Nfield CATI solution – under development): your survey data is stored in the cloud infrastructure at Microsoft’s data center. Microsoft and NIPO are responsible for all maintenance, system upgrades, cooling equipment and power delivery tools. Most CATI features are located in the dialer, therefore it is not possible to connect a dialer of your choice to the CATI software. This solution is under development. For more information, contact us at info@nipo.com.

​CATI features

Our CATI solutions power the largest telephone surveys in the world. Amongst market researchers, it’s wildly accepted as a reliable and robust telephone data collection platform. Our Sales Team are keen to work with you to understand your needs and assess what solution would work best for you.

The key features of our CATI are:

• CATI operations can be scaled up from six to thousands of interviewers
• It enables interviewers to work from anywhere (called virtual call centers)
• Questionnaires can be designed with easy-to-follow instructions and cues
• Respondents have the option to start a survey on the phone and complete it online later
• An open architecture allows features to be customized to meet different standards – for example, to control how many times a telephone number should be called, or the call-again delay for busy calls
• Listen and coach your interviewers live
• Quota targets can be viewed and managed in real time
• Changes can be made in real time without bringing operations to a halt to modify interview scripts or dialing parameters
• Progress and performance can be monitored in detail, regardless of the location of the interviewers

Even more, our CATI solutions offer advanced capabilities such as auto, progressive and predictive dialing to help you drive productivity.

• Predictive – the dialer determines that a percentage of calls will be unsuccessful and therefore makes a large number of calls in parallel and then routes the live call answers to the next available interviewer.
• Preview – the dialer makes sequential dials from a contact list and allows the interviewer to preview the contact record prior to the call and decide if they wish to proceed with a call or move to the next contact on the list.
• Power – the dialers connect interviewers to respondents more efficiently by allowing the interviewers to focus on live connections. When an interviewer becomes available, the system automatically dials the next contact.

Face-to-face interviewing is a complex process comprising interviewers, mobile devices and software. A multitude of elements within this process can make a project prone to mistakes, leading to a delay in the delivery or even data loss. Outlined below are our essential tips for some of the most common problems associated with face-to-face interviewing to help you ensure a smooth execution of all CAPI projects.

1. Select the right device

The Nfield CAPI app runs on all Android tablets and smartphones, though not every device will serve you accordingly. We recommend that you run through a checklist mapping the factors that come into play when selecting the right CAPI device.

2. Embrace the issue of security

Security of your data is an absolute priority to us. Rest assured that we do our utmost to keep your data safe, however you also have a crucial role to play in data security by following a few simple rules:

• Ensure that you can wipe a device remotely in the event that it gets stolen. If this is not a feature on the device itself, please consider acquiring such a service. Mobile Device Management (MDM) software will help you configure, manage and secure mobile devices. Never heard before? Please see http://www.air-watch.com.
• Create logins per interviewer; never set up logins per device. Nfield CAPI enables you to track activities taken by the interviewers through their unique user ID.
• Set strong password requirements in Nfield CAPI, and ask your interviewers to keep their logins confidential or even to change the password regularly. The downside is that the more complex password, the bigger chance the interviewers will eventually jot it down on a piece of paper.
• Apply a user role configuration that defines a scale of activities the user is allowed to perform in Nfield CAPI. When somebody leaves the company, don’t forget to remove them from Nfield CAPI immediately.
• Once the quota of interviews for your project is reached and the fieldwork concludes, press the STOP button on the Nfield CAPI interface to automatically remove the survey from all devices the next time interviewers sync.
• Un-assign interviewers who no longer work on the project.

3. Prevent possible trouble in your fieldwork…

… by informing your interviewers thoroughly about how to use the Nfield app. 

• Always log out of the app at the end of the day – never remain signed in the Nfield CAPI app.
• Sync regularly so that you work with the latest version of the survey and its information. Please bear in mind that transferring large volumes of data after various days of work may take you plenty of time.
• Ensure your internet connection is stable when you start syncing the data, and do not change your network connection as this can disrupt the data transfer.

• Activate the GPS on your mobile device if you receive a notification through the Nfield CAPI app.
• If you are assigned to a project which includes addresses and you share the device with more interviewers, don’t leave unfinished interviews in the Nfield CAPI app. When the next interviewer logs in and syncs his data on the device, your unfinished interviews will be removed.
• Use the device’s energy source wisely as you will be using it throughout the day to complete all interviews. Please see the recommendations how to prolong battery life.

4. Monitor updates

There are two types of software updates that you need to be aware of:

1. Nfield CAPI app updates
2. Android operating system updates

Nfield CAPI app updates (NIPO)

The Nfield CAPI app is managed by NIPO, and any updates are designed solely to augment the features of the app. Every release automatically updates the backend of Nfield CAPI but requires the manual intervention of the interviewer to take effect on the device.

Android operating system updates (Google)
All Android operating system updates are managed by a third party – Google. These updates impact the software that the whole device runs on; they are not primarily calibrated to Nfield CAPI functionality.

The Android operating system update usually starts by a window which automatically opens on the screen asking for permission to update the operating system.  The interviewer will need to consent to this before any updates can take place. In other words, the update doesn’t happen automatically.

Whilst we thoroughly test all major updates of the Android operating system to examine whether Nfield CAPI features have not been affected, due to the diversity of mobile devices available and the number of versions of the Android operating being used at any one time, it makes in-depth testing on a large scale impossible.

5. Consider training options

Experienced researchers and fieldwork executives dive into Nfield CAPI without any hurdles. The same applies to scripters who are already familiar with the ODIN language. For those users who require full scale onboarding, we offer introductory and tailored training.