Privacy & Data Protection

Helping you comply with the GDPR / UK Data Protection Act 2018

GDPR (General Data Protection Regulation) is the new legal framework in the EU that replaces the current EU Data Protection Directive. It took effect on 25th May 2018 and has been incorporated into the UK Data Protection Act 2018.
The GDPR applies to anyone who is collecting, storing and processing the personal data of EU residents i.e. data controllers and data processors, who will be required to demonstrate that they process personal data in compliance with the GDPR.

Click on the links below to see details of our ready reference guides/updates and download the documents (See 'new' notes for the latest items):

Guidance notes:

Includes:

Information about extended data protection guidance that’s available from the UK Information Commissioner’s Office, and 

A look at what's on the horizon:

  • with Brexit looming large you need to understand the data protection implications; 
  • EU standard contractual clauses and the US Privacy Shield are being challenged in the European Courts and may be invalidated;
  • a new ESOMAR/EFAMRO sponsored market research and data analytics GDPR code of conduct is being developed.
Download Update

What you need to do to keep personal data secure throughout its processing life

Download Guide

This update keeps you up to date with the latest government and ICO guidance on the implications of Brexit for data protection and market research. It builds on and replaces the November 2018 bulletin which has now been removed from the list below.

Download Guide

As the UK prepares to leave the EU, this update provides additional guidance on the need to nominate a representative to meet GDPR requirements.

Download Guide


An overview of the main principles and requirements of the GDPR

Download Guide

How to take stock of the personal data you process

Download Guide

How to assess the risks inherent in your data processing

Download Guide

How to determine whether you need one, and if so, how to appoint one

Download Guide

An explanation of the legal bases for processing personal data available to us under GDPR

Download Guide


Details the different consents that might be needed during a primary market research project and when these consents must be secured

Download Guide

Updated versions of the forms from the appendix section of the Legal and Ethical Guidelines) in Word format for ease of use.

View details / download pro formas


Our Privacy & Data Protection FAQ resource is a selection of real-life GDPR queries from members and the responses from our Ethics Advisor. It supplements the Legal and Ethical Guidelines and the GDPR Guides on this page, but does not cover all topics, so please check the main resources first.

View the FAQ