PRACTICAL GDPR FOR SMALL MARKET RESEARCH BUSINESSES
THIS PACK IS ONLY SUITABLE FOR THOSE INDIVIDUALS WHO WORK IN SMALL TEAMS (UP TO 3 PEOPLE) OR ON THEIR OWN.
The pack is designed by Lesley Cooley, a Data Protection Officer with 15 years of experience. It has a step by step guide to implementing GDPR in your market research business. There are sample policies, explanatory videos and checklists.
There is access to a facebook group for support and questions and to get further clarification if needed.
Welcome to the Market Research pack
Introduction - start here
GDPR basics
What is Personal Information
What is Personal Information
What is Sensitive Personal Information
Children
Understanding whether you are a Data Processor or Data Controller
Data Processor or Data Controller
Data Controller
Data Processor
Being the middle man (or woman) and what you need to know
Written Agreements – what they need to include
Security Questionnaires and how to respond
Collecting information
Lawful Grounds – including consent and legitimate interests
The ICO and Data Protection Officers
ICO - the Information Commissioners Office
Do you need a Data Protection Officer (DPO)
Marketing and Consent
Email Marketing
Consent - Do you need it?
Collecting Information – how to do this legally
Website Forms and Documents needed to meet the new standard
Keeping Information Securely and Staying Safe – a practical guide with examples
Avoiding a Fine
Encryption and Password Protection – what is needed
Cloud Storage, what will be allowed, and what to look out for
Records and Destruction
Countries in the EEA
Transferring Data
Staying Safe - security of records
Privacy Impact Assessments and how to do them
Subject Access Requests
Subject Access Requests – what are they and how should you respond
What happens when it goes wrong?
Breach notifications – your obligations, timescales and remedies
Research respondent/data subject rights - Data Portability, right to be forgotten, right to object
Data Portability
Right to be Forgotten
Right to object
Profiling
Resources
List of modules
Suggested Retention Schedule
Data Protection Policy
Privacy Policy for the website
Data Audit sample sheet
Sample consent email opt in wording
Sample consent for interviewees (eg for use on signature sheet/when recruiting)
Security Questionnaires – sample answers
Sample contract clauses for a processor (eg sub contractor such as recruiter/transcription agency/freelancer etc) – what you should be looking for.