What does data protection, privacy and security mean for us?

We protect the things we really care about. And that’s why managing data in a safe way is a top priority at GfK. 

For us, data protection, privacy and security are about more than sets of rules or regulations – these areas are ingrained into our culture and are at the core of how we deliver trusted insights.  

As a global leader in market research and big data analytics, we’re experts in dealing with sensitive information and know just how much today’s consumers value the security of their personal data. Our customers trust us with their personal information and their privacy. And protecting that information and respecting their privacy is fundamental to maintaining that trust. Our privacy and security programs govern how we collect, use and manage employee, client and customer information.

Everyone within our organization is responsible for demonstrating compliance when it comes to data protection, privacy and security – not because of the law, but because our company philosophy demands this attitude and commitment.


What are we doing about it?

We have a dedicated organization that maintains and monitors compliance and ensures all employees understand the importance of protecting the confidential data GfK manages. Trainings on data protection are constantly underway throughout our offices around the world and this is something that is supported by the highest management levels. 

GfK welcomes researches to willingly and voluntarily report any vulnerability that is connected to GfK solutions and systems. Submission of these vulnerabilities are subject to the terms and conditions set forth in this link vdp.gfk.com By submitting a vulnerability to GfK, the finder acknowledges that it has read and agreed to these terms

We ensure a secure environment to protect the confidentiality, integrity and availability of information. We do this by implementing a broad range of security technologies such as network security, data encryption and access controls. We make sure that all our solutions are designed and developed with security in mind from the very start. We maintain a strong information security management program to ensure a proven policy and compliance structure, a comprehensive security awareness program and a solid risk management framework.

Cyber security attacks pose a significant risk to our business, infrastructure and data assets. Remaining vigilant in preparing against these threats, defending against them and planning for the future, are essential elements of our strategy.

Our Data Protection organization reports directly to the CEO and CFO and includes three levels: a central team in our Nuremberg headquarters, a privacy representative in each of our regions and data protection or privacy officers mandated by local laws in the corresponding countries. This is so our clients, partners, and authorities always have a strong point of access for clarifying any issues on data protection.


„For GfK, data protection goes beyond existing standards and new regulations, such as the General Data Protection Regulation, that will come into play. We strive to keep our promise of being a trusted partner and one that delivers uncompromised insights to our clients. That means sophisticated measures are in place across our offices to ensure we have harmonized security standards in all countries where we process data.“

Leadership, GfK.


What is the General Data Protection Regulation (GDPR) and will it impact GfK?

The GDPR is a European privacy law that will come into effect in May 2018. It will impose new rules on all organizations that offer goods and services to consumers in the EU or that collect and process data related to EU citizens. This means there will be stricter rules on how personal data is managed, people will have more control over how this data is used and higher sanctions will be enforced on those who do not comply. 

For a global company like GfK, the GDPR provides an opportunity to build on the principles we already live by, that´s why we will also adapt these principles at a global level. We will continue to work in lawful, fair and transparent manner, meaning personal data will be accurate, completely confidential, only collected for legitimate purposes and only stored for the required amount of time. 


Any questions?

We would be happy to answer any of your questions or queries on our data protection policies. Simply contact the Data Protection Officer in your country. You will find our privacy notices as well as contact information of our data protection officers here.