Market Research Organisations - GDPR and Data Protection compliance

PRACTICAL GDPR FOR SMALL MARKET RESEARCH BUSINESSES

THIS PACK IS ONLY SUITABLE FOR THOSE INDIVIDUALS WHO WORK IN SMALL TEAMS (UP TO 3 PEOPLE) OR ON THEIR OWN.

The pack is designed by Lesley Cooley, a Data Protection Officer with 15 years of experience. It has a step by step guide to implementing GDPR in your market research business. There are sample policies, explanatory videos and checklists.

There is access to a facebook group for support and questions and to get further clarification if needed.

Welcome to the Market Research pack

Introduction - start here

GDPR basics

What is Personal Information

What is Personal Information

What is Sensitive Personal Information

Children

Understanding whether you are a Data Processor or Data Controller

Data Processor or Data Controller

Data Controller

Data Processor

Being the middle man (or woman) and what you need to know

Written Agreements – what they need to include

Security Questionnaires and how to respond

Collecting information

Lawful Grounds – including consent and legitimate interests

The ICO and Data Protection Officers

ICO - the Information Commissioners Office

Do you need a Data Protection Officer (DPO)

Marketing and Consent

Email Marketing

Consent - Do you need it?

Collecting Information – how to do this legally

Website Forms and Documents needed to meet the new standard

Keeping Information Securely and Staying Safe – a practical guide with examples

Avoiding a Fine

Encryption and Password Protection – what is needed

Cloud Storage, what will be allowed, and what to look out for

Records and Destruction

Countries in the EEA

Transferring Data

Staying Safe - security of records

Privacy Impact Assessments and how to do them

Subject Access Requests

Subject Access Requests – what are they and how should you respond

What happens when it goes wrong?

Breach notifications – your obligations, timescales and remedies

Research respondent/data subject rights - Data Portability, right to be forgotten, right to object

Data Portability

Right to be Forgotten

Right to object

Profiling

Resources

List of modules

Suggested Retention Schedule

Data Protection Policy

Data Audit sample sheet

Sample consent email opt in wording

Sample consent for interviewees (eg for use on signature sheet/when recruiting)

Security Questionnaires – sample answers

Sample contract clauses for a processor (eg sub contractor such as recruiter/transcription agency/freelancer etc) – what you should be looking for.