GDPR compliance for Market Research

COMPLIANCE PACK

PRACTICAL GDPR FOR SMALL MARKET RESEARCH BUSINESSES

The content, designed by Lesley Cooley, a Data Protection Officer with 15 years of experience, will consist of a step by step practical guide to implementing GDPR in your market research business with practical examples, documentary resources and model policies to enable you to do this.

Materials are in the form of a downloadable document supported by videos that you can log into and watch as needed. There is also be a weekly zoom call to enable you to ask questions and get further clarification if needed.

Welcome to the Market Research pack

Introduction - start here

GDPR basics

What is Personal Information

What is Personal Information

What is Sensitive Personal Information

Children

Understanding whether you are a Data Processor or Data Controller

Data Processor or Data Controller

Data Controller

Data Processor

Being the middle man (or woman) and what you need to know

Written Agreements – what they need to include

Security Questionnaires and how to respond

Collecting information

Lawful Grounds – including consent and legitimate interests

The ICO and Data Protection Officers

ICO - the Information Commissioners Office

Do you need a Data Protection Officer (DPO)

Marketing and Consent

Email Marketing

Consent - Do you need it?

Collecting Information – how to do this legally

Website Forms and Documents needed to meet the new standard

Keeping Information Securely and Staying Safe – a practical guide with examples

Avoiding a Fine

Encryption and Password Protection – what is needed

Cloud Storage, what will be allowed, and what to look out for

Records and Destruction

Countries in the EEA

Transferring Data

Staying Safe - security of records

Privacy Impact Assessments and how to do them

Subject Access Requests

Subject Access Requests – what are they and how should you respond

What happens when it goes wrong?

Breach notifications – your obligations, timescales and remedies

Research respondent/data subject rights - Data Portability, right to be forgotten, right to object

Data Portability

Right to be Forgotten

Right to object

Profiling

Resources

List of modules

Suggested Retention Schedule

Data Protection Policy

Data Audit sample sheet

Sample consent email opt in wording

Sample consent for interviewees (eg for use on signature sheet/when recruiting)

Security Questionnaires – sample answers

Sample contract clauses for a processor (eg sub contractor such as recruiter/transcription agency/freelancer etc) – what you should be looking for.