The General Data Protection Regulation (GDPR) came into force across the EU on 25 May 2018. GDPR introduces further protection to the way data is collected, archived and used for research studies. This policy introduces more transparency in data collection and data security.

Here is summary of the updates Further has introduced in relation to GDPR:

Improved clarity and transparency. We’ve reorganised our Privacy Policy to make it clearer and more understandable, defined key terms and described our data processing practices.

User Terms. The upcoming GDPR places new obligations on organisations that process personal data in the EU. As a result, we’ve not only updated our Privacy Policy but also our User Terms to better explain our relationship with our clients and their study participants’.

Personally Identifying Information (PII). We’re introducing a data policy for platform users, the process for which you will be able to see in our FAQs. Users with any data requests should contact Plus, we're changing our process from 90 days to automatically delete all PII no later than 60 days after Admin Access ends on our platforms.

Further acknowledges the rights of our platform users under GDPR. These rights include and are not limited to:

  • Notification and communication of personal data collected
  • Parental/guardian consent for users under the age of 16
  • Right to understand how data will be used
  • Right of access by the panellist
  • Right to rectification
  • Right to object
  • Right to data portability
  • Right to be forgotten

Marketing. As has always been our commitment, you have the right to opt-in or opt-out from any marketing communications from Further. We hope you will choose to stay in touch.

Data hosting and Encryption at Rest. We use Amazon Web Services to host and process our clients’ data. It can be located in either of two server stacks in Oregon or Ireland. All access to the platforms is secured and encrypted over https and tls. Data stored on the service relies on AWS encryption at rest which provides high level security and encryption for all data input or stored on our platforms.

GDPR requires the ability for all EU platform users to view and download all personal data collected on them. Upholding their views of full transparency, Further is voluntarily extending these same rights to their members in North America and across the world. We believe all of our participants should have the same rights to privacy and transparency – not just those in Europe.

Further continues to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust processes accordingly if changes are made. To learn more and get started with GDPR-compliant studies, contact us at or click here for more practical advice that we put together with the MRS and DAC Beachcroft's legal team.

Further is also ISO27001 certified.

PolygonarrowGroup 2Group 2burgerchevronPage 1 CopycloselinkedinGroup 2platform-angleButton Copy 5Group 8plusGroupGroup 2np_tick-mark_1146398_000000Group 2vimeo