Privacy & Data Protection

Helping you comply with the GDPR / UK Data Protection Act 2018


Brexit latest: 
European Commission’s Draft Data Adequacy Decisions (February 2021)

The European Commission (EC) has issued draft adequacy decisions which set out that the UK should be found ‘adequate’ - click here for more details


The GDPR (General Data Protection Regulation) is the legal framework in the European Union (EU); it has been incorporated into the UK Data Protection Act 2018. The GDPR/DPA 2018 applies to any individual or organisation who is processing the personal data of EU citizens  i.e. data controllers and data processors, who are required to demonstrate that they process personal data in compliance with the GDPR/DPA 2018.

You will find on this page: 
  1. Guidance notes: a series of downloadable ready-reference guides on key topics relating to data privacy
  2. News updates: links to news items outlining recent developments 
  3. Other resources: links to BHBIA meeting materials, proformas and FAQs
Guidance notes:

Click on the links below to see details of our ready reference guides/updates and download the documents:

During the pandemic there has been a necessary shift away from face-to-face MR and whilst it will likely return post-pandemic, it is probable that a greater proportion of our work will remain online, from research analytics and project management through to fieldwork. Therefore, a heightened sensitivity to online security will be one of our new ‘norms’.

This guide provides some helpful questions members can ask themselves and some practical tips about online security.

Download guide

The use of technology in the workplace to facilitate remote working has surged since the start of 2020, and so has its use in adjusting to the ‘new normal’ as it relates to business intelligence.

This guide provides some helpful questions members can ask themselves when assessing new technology and doing their due diligence before using it on live projects.

Download guide

This guide summarises the latest guidance and support available when sharing personal data between data controllers. 

Download guide

This update aims to explain clearly and simply the circumstances in which an end client needs to be identified to market research participants.

Download Update

This update keeps you up to date with the latest government and ICO guidance on the implications of Brexit for data protection and market research. 

Download Guide

As the UK prepares to leave the EU, this update provides additional guidance on the need to nominate a representative to meet GDPR requirements.

Download Guide


An overview of the main principles and requirements of the GDPR

Download Guide

How to take stock of the personal data you process

Download Guide

How to assess the risks inherent in your data processing

Download Guide

How to determine whether you need one, and if so, how to appoint one

Download Guide

An explanation of the legal bases for processing personal data available to us under GDPR

Download Guide


Details the different consents that might be needed during a primary market research project and when these consents must be secured

Download Guide

What you need to do to keep personal data secure throughout its processing life

Download Guide

Updated versions of the forms from the appendix section of the Legal and Ethical Guidelines) in Word format for ease of use.

View details / download pro formas


Our Privacy & Data Protection FAQ resource is a selection of real-life GDPR queries from members and the responses from our Ethics Advisor. It supplements the Legal and Ethical Guidelines and the GDPR Guides on this page, but does not cover all topics, so please check the main resources first.

View the FAQ