The General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 came into full effect on 25 May 2018. We have developed a suite of support materials and resources to help your organisation understand and comply with the new data protection framework.

GDPR in Brief Series

Exclusive to MRS Members and Accredited Company Partners, our data privacy experts have produced the GDPR in Brief Series for interpreting the regulation in the context of the insight sector.

The series includes:

  • GDPR in Brief No.1 – Overview of Data Protection Reform
  • GDPR In Brief No.2 – Compliance Checklist
  • GDPR In Brief No.3 - Data Processors
  • GDPR In Brief No.4 - Data Protection Officer
  • GDPR In Brief No.5 - Informed Consent
  • GDPR In Brief No.6 - Informed Consent Checklist 
  • GDPR In Brief No.7 - Transparent Privacy Information Notices

You can access the GDPR in Brief Series here:

For Individual Membership access click here.
For Company Partner access click here.

General Guidance

MRS has produced a new Guidance Note on Data Protection and Research, to help with your compliance with the new data protection framework introduced by the GDPR and the UK Data Protection Act 2018.

or select your desired chapter from the list below to download a specific topic: 

This section sets out the purpose and structure of this MRS Guidance on Data Protection and Research 2018 and defines key terms in the GDPR.

Download Introduction

This section provides an overview of the relationship between the GDPR and the UK Data Protection Act 2018 and explains significant changes in key data protection concepts for research activities.

Download Overview

This section discusses the data protection principles and key new concepts of accountability, data protection by design and default and pseudonymisation. It explains how these principles should be embedded through the research cycle.

Download Data Protection Principles and Concepts 

This section discusses the legal processing grounds that are appropriate for use in research projects. The grounds discussed are consent of the data subject, the legitimate interests of the data controllers and contractual necessity. Illustrative examples are provided for all the legal grounds discussed.

Download Data Processing Grounds 

This section discusses research by or for public bodies and the research regime that is applicable to scientific research under the UK DPA 2018.

Download Public Interest Research 

 

An earlier 2017 note on the GDPR, interpreting the legal grounds for processing personal data for research purposes is available here: GDPR Guidance Note: Legal grounds for using personal data for research purposes (PDF)

Guidance Notes

Exclusive to MRS Members and Accredited Company Partners, these specialist Guidance Notes provide detailed interpretation and application of the data protection framework to the insight sector.

    • MRS Guidance Note - Controllers and Processors

For Individual Membership access click here.
For Company Partner access click here.

GDPR FAQ

Frequently asked questions on the GDPR is available here:  GDPR FAQ

Training and webinars

As well as the GDPR In Brief guides, MRS also has a range of events and training to help support you and your team with compliance.

GDPR Standards WebinarOn the Starting Blocks, GDPR Q&A with MRS Standards Team
Developed in the lead up to the initial implementation of GDPR, our standards team answer your concerns and highlight the key changes to the data protection landscape. 
Exclusively for MRS Individual members. Watch the webinar here

Outsourced data protection officer service

GDPR allows you to fill the role of a data protection officer (DPO) using an external service provider. Accredited corporate members of MRS can access a tailored DPO service in the company partner area of this website.  

Fair Data trust mark

Don’t forget MRS also offers Fair Data - an accreditation trust mark that allows companies to showcase best practice in data protection. It can help guide you towards GDPR compliance. Plus there are useful resources on the GDPR including:

See the Fair Data compliance timeline
Read Fair Data GDPR blogs

The Privacy and Electronic Communications Regulations 2003 cover the use of unsolicited emails and text messages, and require consent for the use of “cookies” by websites.

MRS has developed detailed guidance on the application of this legislation to market social and opinion research.

Guidelines on the Privacy and Electronic Communications Regulations 2003

Privacy and electronic communications: some key points
  • Unsolicited emails or SMS for marketing purposes cannot be sent without prior consent.
  • Sample for telephone marketing must be screened against the Telephone Preference Service (TPS).
  • There are exemptions for existing relationships.
  • Emails, SMS and telephone calls for research purposes are unaffected.
  • Consent required for use of cookies on websites since May 2011.
Monitoring interviews

Some frequently asked questions on RIPA 2000 (The Regulation of Investigatory Powers Act 2000).

The Freedom of Information Act 2000 applies to information held by, or on behalf of, public authorities.

Research organisations may find themselves drawn into Freedom of Information Act (FOIA) issues in two ways.

Firstly they may have provided information to a public authority. This may be included in tender documents, contacts or research reports. Secondly they may hold information on behalf of the public authority. It may be the case that contractually any work product is the property of the public authority client or that the researcher holds the sole copy of a research report paid for by the public authority.

Our guidelines and FAQ provide detailed advice on the operation of FOIA, including how to deal with requests, and how to help protect sensitive commercial information.

Freedom of Information Act 2000: Guidance

Get the latest MRS news

Our newsletters cover the latest MRS events, policy updates and research news.