HomeKnowledge base › Market research agencies and respondent data
Market research

Market research agencies: destroying respondent data

A market research agency's respondent data and focus-group recordings ready for confidential destruction

A market research agency processes the answers of thousands of respondents: surveys, panel data, screening data, incentive payments and sometimes recordings of focus groups and interviews. Part falls under the tax retention obligation, but most respondent data should be kept as briefly as possible and anonymised or destroyed after completion. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: identifiable respondent data you keep as briefly as possible, tied to the purpose of the study. The administration and incentive payments fall under the tax seven years. Anonymised results may be kept, identifiable raw data you clear out. What may go disappears confidentially and with a certificate.

Purpose limitation and anonymisation as the starting point

Market research is about insight, not about keeping personal data. The GDPR requires purpose limitation and storage limitation, and with research that weighs heavily. Collect only what the study needs, use it only for that purpose and clear out the identifiable data once the study is completed. What you still need afterwards is usually the anonymised and aggregated results, which can no longer be traced to a person.

Make that distinction sharp. Anonymised outcomes may be kept for reporting and comparison. Raw answers with a name, email address or phone number attached are personal data and should stay as briefly as possible. That way you keep the value of your research without the burden of a mountain of identifiable data.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the completion of the study.

PartStarting pointPeriod
Administration and incentive paymentsTax retention obligation7 years
Anonymised and aggregated resultsNot identifiablefree to keep
Identifiable raw respondent dataPurpose limitation and minimisationas briefly as possible
Panel and screening dataWhile the panel is activepurpose-bound
Special data within answersExtra protectiondestroy finely
Focus-group and interview recordingsWith consent, shorterase after processing

Use this as a guideline, not a final legal ruling. Set the retention period per study in your arrangements with the client. The certificate side is in our explanation of the certificate of destruction and the broader retention logic.

Special data within surveys

Depending on the topic, a survey can concern health, political opinion, religion or sexual orientation. That is special-category personal data with stricter rules. As soon as these answers are identifiable to a person, they should be secured separately and disappear at a fine level once the study purpose has been served. Anonymise where you can, so the sensitivity leaves the data.

The processor role and the client

Market research agencies often work on behalf of a brand or institution. The respondent data is then that client's, and you record the arrangements about keeping and destroying in a processor agreement. Match your periods to those arrangements. More on that is in the processor agreement checklist and record of processing, archives and destruction.

How to handle it in 6 steps

  1. Split the data into administration, anonymised results and identifiable respondent data.
  2. Anonymise the results once the study is completed.
  3. Treat special data separately and at a fine destruction level.
  4. Erase recordings of focus groups once they have been processed.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Identifiable respondent data is destroyed confidentially at a fine level, because it contains contact details and sometimes special answers. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. Old recording carriers and backups with interviews belong with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR and your client that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Respondent data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at a fine DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping raw respondent data just in case. After completion and anonymisation the purpose lapses.
  • Not anonymising. Aggregated results are safer than identifiable answers.
  • Treating special answers as ordinary data. Health and religion need a fine level.
  • Keeping recordings indefinitely. Focus-group recordings you erase after processing.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long may a market research agency keep respondent data?

Identifiable respondent data you keep as briefly as possible, tied to the purpose of the study. Once the study is completed and the results have been anonymised, you clear out the identifiable data. The administration and incentive payments fall under the seven-year tax retention obligation.

Can a survey contain special-category personal data?

Yes. Depending on the topic, answers can concern health, political opinion, religion or sexual orientation. That is special-category personal data requiring extra protection and a fine destruction level.

What is the difference between anonymised and identifiable data?

Anonymised and aggregated results can no longer be traced to a person and may be kept. Raw, identifiable answers with contact details you minimise and clear out once the purpose has been served.

How do I destroy respondent data in line with the GDPR?

Confidentially and at a fine level, with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A market research agency works with the answers of many respondents, sometimes right up to special data. Keep the administration and incentive payments seven years, anonymise the results and clear out the identifiable raw data once the study is completed. Special answers and recordings you treat separately. What may go you have destroyed confidentially at a fine level, with a certificate as proof. That way you keep the value of your research and protect your respondents.

Read also: mortgage advisers: destroying client files, recruitment agencies: destroying candidate profiles, printers: destroying variable data and the GDPR retention periods cheatsheet.


Have respondent data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.