MRS Company Partners have access to an exclusive group, the Operations Network. This Network holds free quarterly meetings to discuss a variety of topics to help your organisation. It is a great opportunity to network and learn new things.

1. MRS Operations Network
MRS Code of Conduct – Key
Changes Consultation
22 January 2019
Julie Corney
MRS Standards & Compliance
Manager

2. Topics to be covered this
evening
About the MRS Code
Why we are consulting on the MRS Code of Conduct
The key changes to the MRS Code of Conduct
How can you get involved in the consultation process
Q&As
2

3. About the Code…
MRS adopted its first self-regulatory Code in 1954 and the current version of the MRS
Code of Conduct came into effect on 1 September 2014.
Historically, the Code was created to support all those engaged in research and insight
in maintaining professional standards. It covered practitioners’ activities from inception
to design and from execution to use of data in research activities. In recognition of the
expansion of activities by practitioners, beyond research, the Code was also expanded
to cover all professional activities undertaken by members and Company Partners.
The Code is technology and methodology neutral. It sets out overarching ethical
principles supported by rules of conduct. Drawn up by practitioners for practitioners, the
Code helps to protect suppliers, clients and participants. It safeguards standards,
promotes confidence and champions professionalism.
3

4. Why are we consulting on
the MRS Code of Conduct?
MRS is committed to keeping the Code under regular review to ensure that it
continues to be fit for purpose in setting high standards for best practice in the
research sector.
We conduct a Code consultation with individual members, accredited Company
Partners and other interested stakeholders on any major changes to the Code.
Revisions have been made to the current Code to reflect evolving ethical best
practice and recent significant changes in the data protection framework. The
changes also seek to ensure that the Code keeps pace with the accelerated speed
and progress of technological development and data use.
4

5. What are the key changes
to the MRS Code of
Conduct?
The content of the Code including the principles, definitions and rules have all
been thoroughly reviewed and revised to reflect national and international
developments in best practice in ethics and privacy including the revised data
protection framework under the EU General Data Protection Regulation 2016
(GDPR) and the UK Data Protection Act 2018.
5

6. Broader scope and
coverage
The scope of the Code has been broadened in order to better reflect and promote
the rights of participants and individuals as well as protect the reputation of all
professional activities conducted by members and Company Partners.
In reflecting the new data protection framework, developments in digital
technology and respect for the rights of participants and individuals, the Code now
specifically:
• covers all activities of members and Company Partners whether engaged
in research, data analytics or other data collection activities;
• provides greater clarity on prohibited misleading activities such as
selling, fundraising or political lobbying under the guise of research; and
• recognises a range of lawful processing grounds for the collection of
primary data or the further use of personal data for secondary purposes.
6

7. Expanded principles
The Code principles have been expanded from 10 principles to 12 principles to:
• include the new GDPR principle on privacy by design and default;
• reflect strengthened data subject rights such as transparency of
information and processing;
• broaden the level of protection and the categories of persons covered by
the Code by focusing more broadly on individuals rather than research
participants; and
• incorporate strengthened accountability and documentation GDPR
requirements.
7

8. Clarification and revision
of definitions
The definitions used in the Code have been clarified and revised including changes
made to:
• mirror the definitions of data protection terms and concepts as used in
the GDPR;
• reflect our understanding of new GDPR requirements, such as data
accountability;
• broaden the categories of data collection covered under the Code; and
• clarify the category of individuals considered vulnerable under the Code.
8

9. Revision of substantive
rules
The substantive rules of the Code have been also revised and expanded. The Code
is now divided into three main sections with sub-sections that follow a research
cycle for data collection, analysis and reporting.
Lets look at these key changes as follows.
9

10. Revision of substantive
rules
General Rules of Professional Conduct
Awareness and Adherence with Legislation
Rule 1 – changed to reference Data Protection Act 2018 in the UK and GDPR
Rule 2 - now addresses following relevant legal and ethical requirements which
apply to direct marketing practice
Rule 3 - all professional activities conducted in a transparent manner and
compliant with privacy ethics and data protection rules
Rule 4 – must not undertake any form of selling, fundraising, political lobbying
under the guise of research
10

11. Revision of substantive
rules
Commissioning and Design
A large section of the new Code, comprised of the following new sub-headings:
Client confidentiality
Rule 15 - must disclose the identity of clients where there is a legal obligation to
do so. Existing wording is not to disclose the identity of clients without
the client’s permission unless there is a legal obligation to do so
Rule 16 – where files of identifiable individuals are used e.g., client databases,
Members must ensure that the sources of the personal data is revealed
at an appropriate point in the data collection.
11

12. Revision of substantive
rules
Commissioning and Design
Vulnerable people
A new section to tie into MRS Best Practice Guide on Research Participant
Vulnerability and underline the importance for member’s professional activities to
be widely accessible
Rule 24 - Members must take reasonable steps to assess, identify and take into
account the particular needs of vulnerable people involved in their professional
activities.
Rule 25 - When working with vulnerable people, Members must ensure that such
individuals are capable of making informed decisions and are not unfairly
pressured to cooperate and that they are given an opportunity to decline to take
part.
12

13. Revision of substantive
rules
Commissioning and Design
Data Collection
A new rule has been added to this section as follows:
Rule 32 – Members must exercise special care when the nature of the project is
sensitive or the circumstances under which the data was collected
might cause a participant to become upset or disturbed
13

14. Revision of substantive
rules
Commissioning and Design
Consent
Rule 39 – providing sufficient information to allow consent to be given. Two new
bullet points have been added under this rule to cover the type of data being
collected, particularly special category and/or criminal convictions data and the
right to withdraw consent at any time.
The bullet point about informing participants of the likely length in minutes of the
data collection, has been firmed up by removing ‘if requested’.
This rule reinforces the requirement to mention that the activity is being collected
in accordance with the MRS Code, DPA 2018 and/or local data protection
legislation for non-UK activities.
14

15. Revision of substantive
rules
Commissioning and Design
Use of Data for Secondary Purposes
A new section to address secondary data use as defined in the new data
protection legislation
Rule 43 – Members must ensure that there is a lawful basis for the further
processing of data for a secondary purpose. This may include consideration of:
a) Links between the original and proposed new purpose/s
b) The context in which the data was originally collected (in particular the
relationship between participants and the original data collector)
c) The consequences of the proposed secondary processing
d) The existence of safeguards
15

16. Revision of substantive
rules
• General Rules of Data Accountability:
o Data Security
o Participant anonymity
o Reporting
16

17. Revision of substantive
rules
General Rules of Data Accountability
Data Security
This section has been rewritten as follows:
Rule 46 - Members must take reasonable action to ensure that all records held,
transferred and processed securely in accordance with relevant data
retention policies and or/contractual obligations.
Rule 47 - Members must take reasonable action to ensure that all parties involved
in a project are aware of their obligations regarding the retention,
security, disposal and destruction of data.
17

18. Revision of substantive
rules
General Rules of Data Accountability
Data Security
Rule 48 - Members must ensure that the length of time, or criteria, for retaining
personal data is clearly communicated to all relevant parties including
participants, sub-contractors and clients.
Rule 49 - Members must take reasonable action to ensure that the destruction of
data is adequate for the confidentiality of the data being destroyed. For
example, any personal data must be destroyed in a manner which
safeguards confidentiality.
18

19. Improved readability and
usability
It is important that practitioners can easily understand, access and use the Code
and that the Code is also easily accessible to members of the public. In light of
this, the revised Code has been designed to improve overall readability and
usability. This includes improved accessibility with changes to style and
presentation and clickable symbols which link through to specific MRS guidance on
the main sections and sub-sections. These changes have been made to enhance
the user experience and ease user navigation around the full suite of resources
available on the MRS website.
19

20. How can you get involved
in the consultation
process?
We are seeking views on the revised Code from MRS Company Partners and individual MRS Members. We
also welcome views from other interested stakeholders especially those representing the interests of
individuals, research participants or users of research.
This consultation began on 14 January 2019 and will run for 12 weeks until 8 April 2019. Responses should
be submitted by post or email by no later than 5 pm (UK time) on 8 April 2019 and should be sent to:
MRS Code of Conduct Consultation
The Old Trading House
15th Northburgh Street
London
EC1V 0JR
Or email: codeconsultation@mrs.org.uk
It would be helpful if when commenting on the consultation, you are able to provide reasons and any
supporting information or evidence.
20

21. MRS Roadshows 2019
The MRS team will take to the road again in 2019, presenting at member
Roadshows around the country. Updates to the MRS Code of Conduct will be
covered and questions on the consultation will be welcomed.
London - Thursday 24 Jan
Birmingham - Thursday 31 Jan
Cardiff - Tuesday 5 February
Leeds - Wednesday 20 February
Edinburgh - Tuesday 5 March
MRS members and Accredited Company Partners can attend the Roadshows for
free.
21

22. What else is MRS doing?
MRS Guidance Note on Collecting Data on Sex and Gender
ONS has performed an equality impact assessment for the 2021 Census and
propose to have a new question on gender identity for individuals aged 16 years
and over, alongside the existing question on sex. ONS has conducted extensive
research in this regard and identified several issues requiring further discussion
and clarity.
MRS is one of the stakeholders who will be contributing to a special interest group
set up by ONS, the findings of which will inform the revision to the MRS Guidance
Note.
22

23. What else is MRS doing?
MRS Guidelines for Research with Children and Young People
The new data protection legislation has brought in some changes regarding
researching children, notably that privacy notices must be presented in such a
way that is understood by the child.
MRS is in discussions with ESOMAR and other stakeholders to promote greater
understanding of key issues surrounding researching children, such as the
definition of a child, what defines a responsible adult and what the responsible
adult must be told when their consent for the child to participate is being sought.
23

24. What else is MRS doing?
Brexit Hub
With the EU stressing the importance of a deal, and adequacy-plus, to guarantee continued
cross-border data flows, MRS continues to work with the Advertising Association (AA) and
other stakeholders in lobbying the UK government for GDPR data adequacy arrangement.
Continued cross-border data flows after Brexit will be critical for the sector and MRS continues
to work with a range of stakeholders in lobbying the UK government for a GDPR data
adequacy arrangement that will ensure continued data transfers between the EU and the UK.
However, with the ongoing uncertainty around the Brexit negotiations MRS members need to
start thinking about contingency planning for data flows in the event of a no-deal Brexit.
Our new Brexit Hub has the latest news, position statements and general advice for members.
24

25. What happens after the
consultation is finished?
We will acknowledge receipt of all responses received on the Code Consultation.
Once the feedback received during the consultation period has been reviewed we
will publish a consultation summary and final version of the MRS Code of Conduct.
We will publish the final version of the Code on the MRS website during Summer
2019 and it is expected to take effect on 1 September 2019.
Any personal data you provide to us in responding to this consultation will be
processed by MRS, as controller, in line with the General Data Protection
Regulation 2016 (GDPR) and the Data Protection Act 2018.
The MRS privacy policy is available on the MRS website or a written copy upon
request.
25

26. Thank you
Any questions?
Codeline@mrs.org.uk