Our Data Quality Management for Market Research
At FFIND we are committed our clients as well as our respondents to ensure the highest quality in both the implementation and the expedient result sof our studies by means of extensive data quality control. In our day to day tasks, data protection plays a vital role.
Which memberships and certifications does FFIND have?
FFIND is a member of the ESOMAR (European Society for Opinion and Marketing Research). The Quality Management has been certified according to the international quality standard ISO 20252:2012, which specialises in requirements for organisations condusting market, opinion and social research. FFIND has also been certified by the Quality Management standard ISO 9001:2015. Theen Quality Consulting supports and accompanies us in our certification procedures for ISO 9001: 2015 and ISO 20252: 2012.
Which guidelines are imposed on the employees of FFIND?
All employees of FFIND have signed agreements obligating them to comply with the secrecy of data according to § 35 SGB I (Social Security Statute Book). The obligation of secrecy shall survive the termination of this agreement.
What happens with the data collected by FFIND?
All results of a survey are solely presented in an anonymized form and do not allow any trace or personal identification of the participating respondents or institutions. Personal data is under no circumstances passed on to third parties.
Answers of our respondents are generally immediately processed electronically. The data is split from the addresses and converted into variables, so that no data can be traced back to the individual respondent. All interview data is evaluated without the name, address, telephone number, etc.
How does FFIND guarantee transparency with regards to the respondents?
We accord the highest priority to transparency, not only with regards to our clients but also to our respondents. Since July 1, 2009, all research institutes are required to display their number. FFIND complies with this specification in all of its three branches: Frankfurt am Main (Germany), Palermo (Italy), and London (UK).
This way, every contacted potential respondent receives the chance to identify our research institute, even without answering our call.
Which measures are taken to control the quality of the collected data?
The Quality Management System of FFIND is subdivided into the following process stages:
(standard trainings with an interviewer manual, monitoring, experience exchange groups, video-briefings, a central booking system)
(on-site briefing with the clients, periodic status updates or online reporting’s, documentation of the process steps in a project management tool, controlling of the survey process by means of a software developed in-house)
Our Data Managers are conducting continuous formal and contextual checks of our data sets during the course of each project and additionally before the data delivery to ensure that our clients receive solely applicable results. The data sets are checked with regards to completeness, questionnaire filters, quotas, duplicates, and similarities and a plausibility check is conducted.
The processes are defined in our QM handbook and in compliance with the provisions of regulation ISO 9001:2015.
How does FFIND verify that the interviewers are eligible for the projects?
Every new interviewer attends a mandatory training session, which consists of an introduction of the company, an explanation of basics within the field of market research, clarification of interviewer guidelines and a demonstration of different types of questionnaires. The working tools are shown to the interviewers, who have the chance to listen in on a live session.
Additionally, every interviewer watches a specialised video briefing before each new project, which gives a detailed explanation of all the information relevant to the project and goes through the questionnaire. If a video briefing is unavailable, a test interview can be conducted.
Furthermore, all interviewers sign a confidentiality agreement at the beginning of each project, which includes provision to maintain and keep confidential any kind of information regarding individuals, legal persons, organisations, associations, institutions, etc. This ensures that no contents or parts of the questionnaire that are subjected to copyright protection are disclosed, that no data is left unattended, and that the correct approach during the interview, which is outlined within the training and project briefing, is upheld. If no such agreement is available on the client’s end, FFIND can provide a template.
Which control mechanisms exist in order to review interviewer performance?
At FFIND, 10% of all interviews are partially monitored, 5% are monitored up to three quarters of the way through, and an additional 5% are monitored in full.
Each interviewer taking part in a project must successfully pass at least two mock interviews before going live in field. The mock interviewers are conducted either among two interviewers and monitored by a supervisor, or between an interviewer and supervisor. This is to allow the interviewers to familiarise themselves with the questionnaire, which includes its structure and possible routings, to give them the chance to develop their own introduction to persuade respondents to participate, and to prepare them to spontaneously address any questions or concerns posed by the respondents.
How does FFIND ensure that external third parties work in accordance with the quality requirements?
Provided that a cooperation with an external third party is requested or confirmed by a client, FFIND carefully chooses its sub-contractors. Every cooperation agrees a clear regulation of the competences and responsibilities. The complete order process is formalized and the sub-contractor’s obligation to data protection and secrecy is specified in a written contract. To that end, FFIND has established a network of partners in its core countries.
With regards to the quality control of conducting interviews via external third parties, if no internal employee of FFIND speaks the relevant language, a professional translator is assigned to evaluate the competences of each individual interviewer.
At least one recording of one so-called mock interview has to be evaluated and signed off by the translator before an interviewer may start to work on the project. Provided that the language level is adequate and additionally at least five of the following criteria are met, the interviewer may start calling:
- Local dialects or accents (if so, it has to be evaluated if the dialect may constitute a problem for the project)
- Following interviewer instructions
- Friendliness and self-confidence
- Verbatim reading of every question
- Periodic repetition of scales and closed-ended questions
- Probing of open-ended questions
Which changes and consequences does the new General Data Protection Regulation (GDPR) imply?
On May 25, 2018, the new General Data Protection Regulation came into force. The surveying of test persons without traceable consent was already prohibited under the Federal Data Protection Act. In the course of the new data protection directive, both principals and contractors are adhering in an external relationship. The EU regulatory authorities are boosting their staffing, enhancing the chances that violations will be detected.
We are currently undertaking a strict review of our Data Management Systems and are proactively initiating measures to show the concrete adoption that are crucial for the application of regulation. An external certified technical institute for data protection is operating in an advisory function. Data protection is the most important subject for any employee in the field of market research.
Which measures have been introduced to secure the access to data?
Individualized access rights, regulations regarding user codes and the length and complexity of passwords, and a mandatory password change after 60 days are used to secure access to data. Only IT staff can reset passwords upon receipt of clear authentication. No old password may be re-used. After more than five false attempts to log on, access is denied. Keyboards and monitors are locked if not used for 10 minutes and can only be reset by re-entering the password.
What regulations are in place regarding the storage and destruction of data after completion of a project?
The destruction of data is conducted and in compliance with the provisions of ISO 9001:2015.
Which measures are introduced to ensure physical data protection?
In accordance with Art. 32 GDPR and Art. 25 GDPR (§ 64 – § 71 of the Federal Data Protection Act, if applicable), and in compliance with the provisions of ISO 9001:2015, our servers are located in locked cellar rooms and are secured by a burglary and fire alarm system.
Which measures have been set in place for the transmission of data?
Data is exclusively transferred to authorized users with a transmission log. All addresses are documented along the transmission chain. All files are checked for completeness and accuracy.
Internally, files are transferred via the internal network or the secure data exchange portal. All use is logged for traceability.
Externally, files are encrypted as agreed with the receiver with password protection and strong encryption algorithm (standard: AES-256).
How does FFIND ensure data protection?
FFIND has installed numerous technical and organizational measures in accordance with Art. 32 GDPR (§ 64 of the Federal Data Protection Act, if applicable). In accordance with Art. 37 GDPR (§ 38 of the Federal Data Protection Act) a company data protection supervisor has been appointed. The data is processed and stored in a computer centre certified in accordance with ISO 27001.