The General Data Protection Regulation (GDPR) will come into force across the EU on 25 May 2018. This regulation will bring further protection to the way data from platform users is collected, archived and used for client research studies. This policy introduces more transparency in data collection and data security.
Further holds ICO accreditation in the form of ISO27001. We have always held ourselves to a high standard of data security and protection, and achieved the accreditation to assure clients and users too.
“The Further team is entirely invested in our security infrastructure, continually refining practices to secure any data collected, processed or archived. In the last year, we have worked hard to audit and create processes that protect our clients and platform users explicitly with these new data regulations in mind. We ensure our suppliers are also compliant. We maintain the integrity and security of that data as it pertains to GDPR and the overall protection of personally identifiable information.
Stephen Cribbett, Further CEO and Founder
Here’s a quick summary of the updates we have made in relation to GDPR:
Personally Identifying Information (PII). We’ve introduced a data policy for platform users. Users with any data requests should contact email@example.com. Plus, we're changing our data storage process so that all study data is automatically deleted (including all PII data) no later than 60 days after Admin Access ends on our platforms.
Further acknowledges the rights of our platform users under GDPR. These rights include and are not limited to:
- Notification and communication of personal data collected
- Parental/guardian consent for users under the age of 16
- Right to understand how data will be used
- Right of access by the panellist
- Right to rectification
- Right to object
- Right to data portability
- Right to be forgotten
Marketing. As has always been our commitment, you have the right to opt-in or opt-out from any marketing communications from Further. We hope you will choose to stay in touch.
Data hosting and Encryption at Rest. We use Amazon Web Services to host and process our clients’ data. It can be located in either of two server stacks in Oregon or Ireland. All access to the platforms is secured and encrypted over https and tls. Data stored on the service relies on AWS encryption at rest which provides high level security and encryption for all data input or stored on our platforms.
GDPR requires the ability for all EU platform users to view and download all personal data collected on them. Upholding their views of full transparency, Further is voluntarily extending these same rights to their members in North America and across the world. We believe all of our participants should have the same rights to privacy and transparency – not just those in Europe.
Further continues to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust processes accordingly if changes are made. To learn more and get started with GDPR-compliant studies, contact us at firstname.lastname@example.org or click here for more practical advice that we put together with the MRS and DAC Beachcroft's legal team.