Helping you comply with the GDPR / UK Data Protection Act 2018
You will find on this page:
- Guidance notes: a series of downloadable ready-reference guides on key topics relating to data privacy
- News updates: links to news items outlining recent developments
- Other resources: links to BHBIA meeting materials, proformas and FAQs, plus useful links to external organisations
Added Feb 2022: We would like to highlight the IAPP (International Association of Privacy Professionals), the world’s largest information privacy organisation, as a useful source of data privacy resources, including tools and trackers.
Overview
The GDPR (General Data Protection Regulation) is the legal framework in the European Union (EU); it has been incorporated into the UK Data Protection Act 2018. The GDPR/DPA 2018 applies to any individual or organisation processing the personal data of EU citizens, i.e. data controllers and data processors, who are required to demonstrate that they process personal data in compliance with the GDPR/DPA 2018.
Guidance notes:
Data Privacy Overview
An overview of the main principles and requirements of the GDPR
Download Guide
An explanation of the legal bases for processing personal data available to us under GDPR
Download Guide
This guide summarises the latest guidance and support available when sharing personal data between data controllers.
Download guide
How to determine whether you need one, and if so, how to appoint one
Download Guide
Consent and Naming End Client
Details the different consents that might be needed during a primary market research project and when these consents must be secured
Guidance on how to effectively streamline the capture of consents during the market research process
Download Guide
This update aims to explain clearly and simply the circumstances in which an end client needs to be identified to market research participants.
Download Update
Data Security & Data Transfers
How to assess the risks inherent in your data processing
Download Guide
During the pandemic there has been a necessary shift away from face-to-face MR and whilst it will likely return post-pandemic, it is probable that a greater proportion of our work will remain online, from research analytics and project management through to fieldwork. Therefore, a heightened sensitivity to online security will be one of our new ‘norms’.
This guide provides some helpful questions members can ask themselves and some practical tips about online security.
Download guide
The use of technology in the workplace to facilitate remote working has surged since the start of 2020, and so has its use in adjusting to the ‘new normal’ as it relates to business intelligence.
This guide provides some helpful questions members can ask themselves when assessing new technology and doing their due diligence before using it on live projects.
Download guide
If you transfer personal data from the UK to countries without adequacy status (e.g. the USA), your organisation needs to be aware that from 21 March 2022 new mechanisms for secure transfers will be introduced in the UK. This guide explains the changes.
Download Guide
What you need to do to keep personal data secure throughout its processing life
Download Guide
Data Processing Checklist
How to take stock of the personal data you process
News updates:
- UK-US Data Bridge - Oct 2023
- Changes to UK Data Transfer Mechanisms - Mar 2022
- European Guidance on Data Controllers and Processors - Sep 2021
- UK Data Protection Adequacy Confirmed - Jun 2021
- New EU Standard Contractual Clauses (SCCs) - Jun 2021
Other resources:
Materials from recent meetings (available to full BHBIA members only):
- Navigating Ethics and Compliance in Modern Data Analytics - Jan 2022 - webinar recording and slides
- Brexit and data protection implications - Nov 2020 - webinar recording and slides
Other GDPR resources to help you:
Updated versions of the forms (from the appendix section of the Legal and Ethical Guidelines) in Word format for ease of use.
View details / download pro formas
Our Privacy & Data Protection FAQ resource is a selection of real-life GDPR queries from members and the responses from our Ethics Advisor. It supplements the Legal and Ethical Guidelines and the GDPR Guides on this page, but does not cover all topics, so please check the main resources first.
View the FAQ
The ICO (Information Commissioner's Office) have made available the training modules on GDPR that they provide for ICO staff as part of their internal training. This could be a useful resource when training your staff on GDPR.
There are 14 modules available covering key topics such as ‘What is Personal Data?’ and they are presented in a user-friendly format, consisting of short slide presentations with audio commentary, each lasting 20-30 minutes.
Access the ICO training resources
The IAPP is the world’s largest information privacy organisation; most data protection officers are members.
It is a useful source of data privacy resources, including tools and trackers.
Access the IAPP website