Kantar recognises the importance of an ethical approach in the way that we manage data about people. We aim to process data securely, legally, and in accordance with ethical principles. This includes people data relating to research and survey respondents and panellists, and also our staff, customers and suppliers. We do this in each of the countries we work in.
Kantar has deployed a global Data Protection Framework which structured around regulatory standards such as GDPR, PIPL, CCPA, to maintain a global approach to data protection practices. We call this our Gold Standard.
Kantar also follows various standards and industry codes relevant to its operational locations, including ESOMAR and the Market Research Society (MRS UK). Many of these also have rules in relation to how we process people data.
The Data Protection Framework addresses all aspects of the people data ecosystem at Kantar, encompassing governance, policies, guidance, training, technology, and certifications. This helps us build a trusted ecosystem for stewarding people data. Kantar uses technologies such as OneTrust, Cookie Bot and its own consent management systems to manage the ecosystem.
Kantar has various ISO accreditations.
ISO9001 - International Standard for Quality Management Systems (certificate number GB14/92035.00);
ISO20252 - International Market Research Quality Standard (certificate number GB14/92036.00);
Cyber Essentials (certificate number IASME-A-014072);
MRS Company Partner
Robust governance is a key feature of the Framework. The Kantar Data Governance Committee meets regularly to oversee the operation of the Framework, to provide guidance, sponsorship, escalation and expertise. It is constituted by key leaders across Kantar, including the Chief Operations Officer, Head of Compliance and Data Protection Officer. Representatives from each of the Kantar business units also sit on the Committee.
The Kantar Data Governance Committee track key indicators and annual audits to drive improved compliance across the business. We deliver quarterly metric reports to senior Kantar leaders and perform annual audits to manage and measure risk.
Each business unit also has a dedicated accountability lead who is responsible for implementing data protection requirements in their part of Kantar and providing ongoing support to their teams.
The accountability leads are supported by a global network of over 100 data protection champions who provide on the ground training and support to their departments/teams.
Task Forces and Implementation Plans are set up in markets where new legislation brings new requirements.
We keep a centralised inventory of the different people data processing activities we undertake plus risk assessments to help us identify and minimise risks around people data.
Under the Framework, Kantar has implemented a range of policies (rules) and guidance on its approach to data protection, this includes,
Lawfulness, Fairness, and Transparency: Processing people data lawfully, fairly, and in a transparent manner.
Purpose Limitation: Collecting people data for specified, explicit, and legitimate research purposes and not to further processed in a manner that is incompatible with those purposes.
Retention: Defining retention depending on the nature of the personal and data and its purpose, and we delete people data once it is not necessary for the purpose of processing.
Data Minimisation: Ensuring people data is adequate, relevant, and limited to what is necessary in relation to the research purposes for which they are processed.
Accuracy: Keeping people data accurate and up to date.
Storage Limitation: Storing information in a form which permits identification of data subjects for no longer than is necessary.
Integrity and Confidentiality (Security): Ensuring appropriate security of people data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Privacy by design: Ensuring good data processes and governance as standard across our technologies right from the design phase.
Automated Processing: Setting down guardrails on when and where this is feasible.
Children. Applying suitable protections to ensure that vulnerable people are protected.
Accountability: Allocating responsibility to key business leaders in Kantar and demonstrating compliance with the data protection principles above.
We recognise people rights under data protection and privacy laws, and have implemented steps to help ensure:
We are transparent around how we process people data
We can answer questions people may have around their people data
People can access accessing their data
People can correct any errors or delete their data
People can opt out of processing of their data
People can port their data
We recognise that authorities have the power to request access to people data at Kantar.
This is infrequent and typically relates to the prevention of crime, money-laundering or terrorism.
Kantar does not provide governments access to people data or access to our servers without a court order. We will attempt to challenge such a request provided Kantar has a basis upon which to challenge such a request. We will always balance our legal requirements to share data with interests, rights and freedoms of people.
Kantar recognises that transferring people data out of the country of origin can carry risks if the destination country does not adequately protect the data.
We comply with legislation affecting international transfers and ensure that the necessary rules are in place to ensure that we are transferring data across Kantar by following all legal provisions, regardless of the jurisdiction.
Following the Schrems II Decision, Kantar has implemented the updated Standard Contractual Clauses for transfers of people data between EU entities and third-party countries. Kantar also integrated the new EU SCCs into its intragroup agreement.
Kantar conducts transfer impact assessments which consider factors relevant to privacy protection when transferring data to other countries. The assessment also considers the legal regime in the destination country and the extent to which additional contractual, organizational or technical safeguards are required prior to effecting the transfer. We may apply supplementary measures depending on the nature of the processing, data and the country in question. Such measures may include encryption, pseudonymisation, clean rooms or split or multiparty processing.
For matters regarding your data and your rights, please contact Kantar on dataprotection@kantar.com
We have a Data Protection Officer that can also be contacted via the same email address or you may right to the Data Protection Officer at
Data Protection Officer
Legal
Kantar
South Bank Central
30 Stamford Street
London SE1 9LQ
We are committed to transparent and ethical AI practices that align with Kantar’s Business Principles and all relevant laws. This approach ensures trust, accountability, and compliance throughout our AI journey.
AI ethics guides us to build and use AI responsibly for societal benefit. By clearly defining its purpose, fostering collaboration between humans and AI, and regularly evaluating outcomes and risks, we promote fairness and positive impact.
Effective governance is essential because it provides a clear structure for responsible decision-making, oversight, and accountability within Kantar. We have established a Kantar AI Board and an AI Framework for Responsible Use of AI which lays down policies and guidelines aligned to our ethical standards, legal requirements, and Kantar’s values.
This structured approach helps to anticipate potential risks, encourage transparency, and maintain stakeholder trust. It also supports continuous improvement by adapting governance measures as technology and societal expectations evolve, ultimately safeguarding those impacted by AI systems.
Accountability is a cornerstone of responsible AI implementation at Kantar. It ensures that every technology deployed within the Kantar has a designated owner who is answerable for its outcomes and operation.
This clear assignment of responsibility helps to prevent ambiguity regarding who oversees performance, compliance, and ethical considerations, fostering an environment where issues can be efficiently addressed and improvements enacted proactively.
Each AI technology has an owner to maintain accountability within the organisation.
We feel it’s important to give people information in a transparent fashion regarding our use of AI. This covers both direct users and those who may be influenced by its functioning or outcomes.
For products, Kantar issues Explainability Statements to individuals engaging with or affected by the AI. These statements clarify the AI's operational mechanisms, the data it processes, its capabilities, and limitations, including potential biases, inaccuracies, and circumstances necessitating human judgment.
We strive for fairness in the use of AI. We aim to identify sources of bias, discrimination, or unfairness that may disadvantage individuals or groups. Steps are then taken to address these. This process recognises that the use of accurate and high-quality data may also perpetuate existing conscious or unconscious biases present in society.
Whenever decisions based on AI may affect individuals, we have put in place processes enables users to provide feedback and challenge AI-generated outcomes.
We recognise that AI can present risks to people depending on how it is deployed and what it is designed to do.
Risk assessments play a pivotal role in ensuring the responsible implementation of AI. They provide a structured approach to identifying, evaluating, and prioritising potential risks associated with the deployment and operation of AI technologies.
By systematically assessing these risks, Kantar aim to anticipate and mitigate issues before they escalate, thereby safeguarding the interests of users, stakeholders, and the wider community.
Ultimately, the process strengthens resilience and adaptability, enabling AI to deliver reliable and beneficial outcomes even as technology and societal expectations evolve.
For Kantar, AI literacy is a fundamental skill in today’s rapidly evolving technological landscape. It empowers individuals across the Kantar to confidently interact with AI tools, interpret AI-driven insights, and make informed decisions regarding their use.
By cultivating a baseline understanding of AI concepts, opportunities, and limitations, we enable our teams to harness the benefits of automation, data analytics, and emerging intelligent technologies while remaining vigilant to ethical considerations and potential risks.
In fostering a culture of AI literacy, Kantar is not only preparing its workforce for future challenges but also promoting a sense of agency and responsibility in shaping how AI impacts both our business and the broader community.
For questions on the responsible use of AI at Kantar please contact us via email at [xxx] or write to us at:
Kantar
South Bank Central
30 Stamford Street
London SE1 9LQ
Securing our data is a top priority for our leadership, and our Global Cyber Security (GCS) function is led by our Chief Information Security Officer (CISO). We recognize our role in protecting Kantar and it’s customers, and take this responsibility very seriously.
We are passionate about protecting the most important asset Kantar holds: Data. We work with our businesses, customers and service providers to really understand the eco-system in which we operate, in order to protect the right assets, at the right level, at the right time.
We are passionate about being pragmatic in our approach to securing Kantar. We continuously monitor the threat landscape and enhance our approach to ensure our controls are effective and efficient.
We continuously monitor and enhance our threat and control landscape to ensure we are protecting the right assets, at the right level, and at the right time. And this approach also enables us to react and adapt appropriately to changes in the threat landscape
we see ourselves as an enabler of business capability, not blockers of it. Security is an important part of everything we do at Kantar, so the business can focus on growing and innovating.
We ensure that the foundational security controls are in place, so we can build upon them and enhance our control posture as needed. We have a range of tools and services that we utilize to drive this message forward within the company. These include but are not limited to Policies and standards, Risk Management, Education and Awareness for all colleagues, processes to include security as part of product offerings Threat Intelligence and Incident Response Planning. We have also purchased Cyber Insurance to provide us an extra layer of protection.