Protecting personal data at NIPO: robust data breach prevention and mitigation

As a highly responsible SaaS provider to market research companies, NIPO, the company behind Nfield, fully understands the importance of protecting personal data and safeguarding against potential data breaches. Alongside our own comprehensive measures to prevent data breaches and swiftly lock down in the event of these being bypassed, we are also committed to helping our clients do all they can to protect their valuable data within the Nfield platform.


NIPO has the following measures in place to prevent data breaches:

  • Encryption – All sensitive data stored in our servers (in the Azure cloud) is encrypted via strong algorithms. This means that even if an attacker gains access to the data, they will not be able to read it without the encryption key.
  • Access Controls – We have strict access controls which ensure only authorized personnel can get into our servers and databases. We also have regular reviews of access rights to make sure they are up-to-date and appropriate.
  • Network Security – We have robust network security measures in place, including firewalls, intrusion detection and prevention systems, and other security tools. These help us to detect external threats and prevent malicious parties from gaining access to our network and systems. Nfield runs in the Microsoft Azure cloud, which is, itself, highly secure and monitored 24/7 by Microsoft’s own engineers.
  • Security Measures for Programming Code – Like many other organizations, we use a variety of security tools to check our programming code and test it for security vulnerabilities. In addition to these, we also have security checks carried out by external third-parties, such as Secura, to ensure our code is thoroughly tested and secure.


Secura is a well-known and trusted company that specializes in providing cybersecurity services to organizations around the world, and we use their expertise to identify any potential loopholes in our code. By leveraging a combination of manual and automated testing techniques, Secura helps ensure Nfield’s code is secure and can withstand potential attacks from cybercriminals. This approach to security ensures that Nfield can maintain the highest standards of data protection for our customers.

  • Employee Training – We provide our employees with regular training and awareness programs to ensure they are kept up-to-date on the latest security threats and how to prevent them. This includes training on topics such as phishing emails, social engineering attacks, and password security.

Data breach handling

In the unlikely event of a data breach, NIPO has a dedicated incident response team that follows a well-defined plan to mitigate the impact. This plan includes the following steps:

  • Investigation – We immediately launch an investigation to determine the cause and extent of the breach.
  • Containment – Once we have identified the source of the breach, we take immediate steps to contain it and prevent any further unauthorized access to our systems.
  • Notification – We notify any affected clients and regulatory authorities as required by law or contractual obligations. We are committed to being transparent and open with our clients about any potential security incidents.
  • Remediation – We take steps to remediate any damage caused by the breach, such as restoring backups or implementing new security measures. We also conduct a post-incident review to identify any lessons learned and make improvements to our security measures.

What you can do to protect your respondent data

It is also vitally important that market researchers implement all available measures to protect respondents’ personal data and adhere to GDPR, or other applicable local regulations. At NIPO, we provide resources to help our clients with this, including our GDPR and Nfield Toolkit.

Here are some other simple steps you can take, which include making use of tools and features included in our Nfield platform:

  • Data Minimization – Collect only the minimum amount of personal data necessary for each research project. Once you have it, this data should only be kept for as long as absolutely necessary, and then securely disposed of.

    We also advise clients to store personal identifiers in the sample table, which will enable you to easily delete sample data from the survey by pseudonymizing or anonymizing it. You can do this for all the sample data, for only specific sample data fields, for all interviews, or for a selection of interviews. This allows you to maintain detailed management of which data you keep in Nfield.

    Recently, we also introduced a new automatic survey clean-up feature into Nfield, which deletes inactive surveys that have reached their expiration date. For information about this, see keeping Nfield domains clean helps clients ensure compliance, security, and efficient working.
  • Use Two-Factor Authentication (2FA) – This gives accounts an extra layer of security, so that even if an attacker does obtain a password, they still won’t be able to gain access because they won’t have the second code necessary. Read Protecting your Nfield login with two-factor authentication.
  • Use the latest Anti-Virus Software – Installing and keeping anti-virus software up-to-date can help protect against malware and other security threats.
  • Be Security-Aware – Market researchers should be aware of the latest security threats, such as phishing emails, and take steps to avoid them. This includes not clicking on suspicious links or downloading attachments from unknown sources.

Committed to protecting data

At NIPO, we are committed to protecting personal data and safeguarding against potential data breaches. By implementing a comprehensive security strategy and incident response plan, we are prepared to handle any potential security incidents quickly and effectively. We also provide resources and guidance to help our customers protect themselves and adhere to GDPR regulations. With our commitment to data security, NIPO remains a trusted partner for market researchers looking to conduct research in a secure and compliant manner.

IMPORTANT: suspected data breach?

If you suspect a data breach or security incident related to your use of NIPO’s services, please report it immediately by contacting our Data Protection Officer at Reporting a suspected data breach promptly helps us to take swift action to contain and mitigate the impact of the incident. We take all reports of data breaches seriously and have a dedicated team in place to investigate and respond to incidents as quickly as possible.