To be honest, I didn’t imagine attending the AQR/ESOMAR question and answer webinar, ‘How qualitative research is affected by GDPR V2’, would be the most enjoyable way to spend an afternoon. Luckily, the facilitators; Kim Leonard Smouter-Umans, Head of Public Affairs and Professional Standards at ESOMAR, and Nikki Lavoie, AQR Board, ESOMAR Council Member and Director of Mindspark Research International, skilfully navigated a series of relevant and interesting viewer questions.

Kim gave thoughtful and considered responses with a good understanding of the requirements of the qualitative context, and Nikki did an amazing job of organising the flow, setting the scene and clarifying the practicalities, as well as summarising and restating answers to ensure meanings were clear.

The webinar started with a quick refresher of general principles and an update on new developments such as GDPR codes of conduct. Kim had recently been in meetings with the European Data Protection Board, so much of what we heard was “fresh information, straight from the horse’s mouth”. The remainder of time was dedicated to the Q and A. Questions addressed issues such as: Who is a controller and who is a processor? When, and in which contexts must clients be named? Are audio and video considered personally identifiable information? Who might constitute a third party and how does that impact on their involvement in the research process and output? And more along the same lines.

This webinar succeeded in addressing concerns, questions, and uncertainties around GDPR and qualitative research. But it also demonstrated that when it comes to applying the regulation, the devil is often in the detail, and the interpretation of the detail can depend… Most importantly, the session was a reminder that a key element of GDPR for qualitative researchers lies in the P of the acronym, Protection. As professional researchers we are duty bound to respect our respondents. Regardless of the detail, the spirit of GDPR is clear: it is to protect by informing, gaining consent, and using personal data responsibly.