MRS Company Partners have access to an exclusive group, the Operations Network. This Network holds free quarterly meetings to discuss a variety of topics to help your organisation. It is a great opportunity to network and learn new things.
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, Dean Evans, Satori Consulting to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Getting to grips with General Data Protection Regulation (GDPR)Zoodikers
Leading employment lawyer Pam Loch, and digital expert Katie King share their advice on how to get to grips with the topic of the moment - GDPR.
They look at who is liable, the impact of Brexit, how it affects marketing and what steps you can take to prepare.
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, Dean Evans, Satori Consulting to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Getting to grips with General Data Protection Regulation (GDPR)Zoodikers
Leading employment lawyer Pam Loch, and digital expert Katie King share their advice on how to get to grips with the topic of the moment - GDPR.
They look at who is liable, the impact of Brexit, how it affects marketing and what steps you can take to prepare.
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
This presentation reviews GDPR at a high level, and presents the core philosophy behind GDPR as well as the key concepts and key elements to consider in your data protection program.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
Data breaches, privacy programs and what will change for processorsExove
Data breaches, privacy programs and what will change for processors, Tobias Bräutigam, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsChris Doolittle
Learn how to quickly and cost effectively meet 5 critical General Data Protection Regulation (GDPR) requirements for structured data with Teleran's Data Protection and Compliance solution. Teleran's solution addresses these key GDPR mandates: Impact Assessments, Purpose Limitation, Data Security, Accountability and Documentation, and Breach Notification. Teleran’s software solution delivers integrated sensitive data discovery, audit and controls. There is little time left to address GDPR. Flexibility, automation, integration and flexibility are key to getting there quickly and cost efficiently.
Webianr: GDPR: How to build a data protection frameworkLeigh Hill
Are you ready for the General Data Protection Regulation (GDPR)?
With the GDPR deadline less than two years away, the pressure is on for organizations to understand how they will comply. Proper data management is part of the answer, but tying these efforts into a data governance framework to manage data protection is key to meeting – and sustaining – GDPR compliance.
In this webinar we will discuss:
-What GDPR is and the impact it has on data management
-Why a sustainable framework is key to getting GDPR right
-The five steps to establishing a data protection framework
-How to ensure ongoing compliance
This presentation was prepared to accompany my talk at Montreal All Girls Hack Night.
I think that Data and Privacy should be the foundation for all businesses moving forward to maintain a healthy Digital life for everyone.
General Data Protection Regulation plays a great role in to enforcing such acts that ensure Data Protection and Privacy of the users. GDPR is a very brief topic, but in this presentation I will share with you some core values of GDPR and some basic actions that you can take to make your business compliant to GDPR.
Note: This is not a legal advice. This information is collected from different resources. All the guides and resources used in the presentation are listed below.
Important Definitions and Notes from the presentation:
GDPR
The General Data Protection Regulation (GDPR) (EU) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
What is the new data protection regulation GDPR and why should you care? Jesp...Exove
What is the new data protection regulation GDPR and why should you care? by Jesper Nevalainen, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
This presentation reviews GDPR at a high level, and presents the core philosophy behind GDPR as well as the key concepts and key elements to consider in your data protection program.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
Data breaches, privacy programs and what will change for processorsExove
Data breaches, privacy programs and what will change for processors, Tobias Bräutigam, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsChris Doolittle
Learn how to quickly and cost effectively meet 5 critical General Data Protection Regulation (GDPR) requirements for structured data with Teleran's Data Protection and Compliance solution. Teleran's solution addresses these key GDPR mandates: Impact Assessments, Purpose Limitation, Data Security, Accountability and Documentation, and Breach Notification. Teleran’s software solution delivers integrated sensitive data discovery, audit and controls. There is little time left to address GDPR. Flexibility, automation, integration and flexibility are key to getting there quickly and cost efficiently.
Webianr: GDPR: How to build a data protection frameworkLeigh Hill
Are you ready for the General Data Protection Regulation (GDPR)?
With the GDPR deadline less than two years away, the pressure is on for organizations to understand how they will comply. Proper data management is part of the answer, but tying these efforts into a data governance framework to manage data protection is key to meeting – and sustaining – GDPR compliance.
In this webinar we will discuss:
-What GDPR is and the impact it has on data management
-Why a sustainable framework is key to getting GDPR right
-The five steps to establishing a data protection framework
-How to ensure ongoing compliance
This presentation was prepared to accompany my talk at Montreal All Girls Hack Night.
I think that Data and Privacy should be the foundation for all businesses moving forward to maintain a healthy Digital life for everyone.
General Data Protection Regulation plays a great role in to enforcing such acts that ensure Data Protection and Privacy of the users. GDPR is a very brief topic, but in this presentation I will share with you some core values of GDPR and some basic actions that you can take to make your business compliant to GDPR.
Note: This is not a legal advice. This information is collected from different resources. All the guides and resources used in the presentation are listed below.
Important Definitions and Notes from the presentation:
GDPR
The General Data Protection Regulation (GDPR) (EU) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
What is the new data protection regulation GDPR and why should you care? Jesp...Exove
What is the new data protection regulation GDPR and why should you care? by Jesper Nevalainen, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
Applying Baseline Technical Measures for Managing Data Privacy IN the Cloud a...ACCASecretariat
The paper offers guidance on applying baseline technical measures to manage data privacy in the cloud. It aims at providing an approach to help system designers, architects and data privacy compliance stakeholders adapt to current, new, or future industry-specific and national regulations in different markets.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Key additions and amendments introduced under the CPRAVISTA InfoSec
On November 3rd, 2020, the California Privacy Right Act was passed as the latest version of the California Consumer Privacy Act which recently came into effect on the 1st of July, 2020. CPRA brings significant amendments and additions to the rules of Data Privacy outlined in the CCPA Compliance. Declaring its enforcement in 2023, the CPRA introduced some new concepts to Data Privacy in California. With new additions and amendments, the CPRA bridges certain potential loopholes in the previous version of CCPA, making the law stringent. Further, introducing the amendments and new additions to the provision has taken this Data Privacy law closer to the EU’s GDPR standard. Let us today through this article take a look at the new provisions introduced and understand the amendments in the Data Privacy Standard.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
European Union Privacy Law - General Data Protection Regulation ChecklistChristina Gagnier
Get ready for GDPR compliance. Our firm has created this European Union Privacy Law - General Data Protection Regulation Checklist to jumpstart the process. Contact @gamallp or Christina Gagnier at gagnier@gamallp.com to learn more.
Embracing Digital Convergence amid Regulatory-Driven OverhaulsCognizant
Facing a wave of regulatory changes, including EU's General Data Protection Regulation (GDPR), banks and other financial institutions are wise to coordinate regulatory implementation with digital transformation to deliver value throughout their ecosystem.
General Data Protection Regulation (GDPR) Complianceaccenture
Whether you are at the beginning of your journey, or are already mid-way through, this document presents the key GDPR themes, priority areas, and business opportunities, which we feel are important considerations for any GDPR programme.
How to Manage Vendors and Third Parties to Minimize Privacy RiskTrustArc
The scope of vendor or third-party requirements has significantly grown due to the global pandemic we’re living in. Not only are you working to ensure your vendor management efforts will result in compliance with GDPR, CCPA and other privacy regulations, now you must consider privacy risks associated with COVID-19.
Regulations have specific provisions that address vendors and extend companies’ data privacy obligations throughout their supply chains. Organizations need to be able to collect, maintain and track critical data for ongoing vendor management in order to properly evaluate, monitor and track their status.
This webinar will provide:
-Overview of privacy laws and regulations (i.e., CCPA, GDPR) and corresponding vendor and third-party requirements
-Summary of vendor management processes and how they can be supplemented to specifically address data privacy and security risks
-Best practices for managing data privacy in your vendor network
-Guidance on how to build & manage your vendor privacy management program with practical solutions
Top 10 Clauses for CCPA Compliance For Your Vendor ContractsAavenir
How do your Contracts get impacted due to implementation for CCPA in California? How different is that from GDPR?
1. Questions the companies should ask themselves on data policies
2. What clauses can companies start applying to vendor contracts?
3. Compliance Costs and Penalties
Courtesy: Jesal Mehta, Founder and CEO, Aavenir
Data Privacy Laws: A Global Overview and Compliance StrategiesShyamMishra72
Data privacy laws and regulations vary from one country or region to another, creating a complex landscape for businesses that operate internationally. To maintain compliance with data privacy laws and protect individuals' personal information, organizations need to understand and navigate the legal requirements. Here is a global overview of some key data privacy laws and compliance strategies:
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
The General Data Protection Regulation (GDPR) represents significant challenges for financial institutions to comply with the new data processing and record keeping requirements. This Accenture Finance & Risk presentation explores the impact of GDPR on Canadian firms, including lessons learned from our work with clients and knowledge gained that can be used for an effective GDPR journey.
Radio 4 has long been a leader in intelligent content; the smart, stimulating factual content that makes you think differently about the world. However, the world of intelligent content is evolving and growing rapidly. Maintaining its strong heritage meant evolving the types of factual stories it tells and the way it tells them. That’s easily said but much harder to achieve. What is it exactly that makes factual content feel modern?
Peter Zezulka will explain how BBC Audiences worked alongside the editorial team and Flamingo Semiotics to get a picture of the world of intelligent content and understand the topics, tone and treatments that create modern-feeling content.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
2. Topics to be covered this
evening
About the MRS Code
Why we are consulting on the MRS Code of Conduct
The key changes to the MRS Code of Conduct
How can you get involved in the consultation process
Q&As
2
3. About the Code…
MRS adopted its first self-regulatory Code in 1954 and the current version of the MRS
Code of Conduct came into effect on 1 September 2014.
Historically, the Code was created to support all those engaged in research and insight
in maintaining professional standards. It covered practitioners’ activities from inception
to design and from execution to use of data in research activities. In recognition of the
expansion of activities by practitioners, beyond research, the Code was also expanded
to cover all professional activities undertaken by members and Company Partners.
The Code is technology and methodology neutral. It sets out overarching ethical
principles supported by rules of conduct. Drawn up by practitioners for practitioners, the
Code helps to protect suppliers, clients and participants. It safeguards standards,
promotes confidence and champions professionalism.
3
4. Why are we consulting on
the MRS Code of Conduct?
MRS is committed to keeping the Code under regular review to ensure that it
continues to be fit for purpose in setting high standards for best practice in the
research sector.
We conduct a Code consultation with individual members, accredited Company
Partners and other interested stakeholders on any major changes to the Code.
Revisions have been made to the current Code to reflect evolving ethical best
practice and recent significant changes in the data protection framework. The
changes also seek to ensure that the Code keeps pace with the accelerated speed
and progress of technological development and data use.
4
5. What are the key changes
to the MRS Code of
Conduct?
The content of the Code including the principles, definitions and rules have all
been thoroughly reviewed and revised to reflect national and international
developments in best practice in ethics and privacy including the revised data
protection framework under the EU General Data Protection Regulation 2016
(GDPR) and the UK Data Protection Act 2018.
5
6. Broader scope and
coverage
The scope of the Code has been broadened in order to better reflect and promote
the rights of participants and individuals as well as protect the reputation of all
professional activities conducted by members and Company Partners.
In reflecting the new data protection framework, developments in digital
technology and respect for the rights of participants and individuals, the Code now
specifically:
• covers all activities of members and Company Partners whether engaged
in research, data analytics or other data collection activities;
• provides greater clarity on prohibited misleading activities such as
selling, fundraising or political lobbying under the guise of research; and
• recognises a range of lawful processing grounds for the collection of
primary data or the further use of personal data for secondary purposes.
6
7. Expanded principles
The Code principles have been expanded from 10 principles to 12 principles to:
• include the new GDPR principle on privacy by design and default;
• reflect strengthened data subject rights such as transparency of
information and processing;
• broaden the level of protection and the categories of persons covered by
the Code by focusing more broadly on individuals rather than research
participants; and
• incorporate strengthened accountability and documentation GDPR
requirements.
7
8. Clarification and revision
of definitions
The definitions used in the Code have been clarified and revised including changes
made to:
• mirror the definitions of data protection terms and concepts as used in
the GDPR;
• reflect our understanding of new GDPR requirements, such as data
accountability;
• broaden the categories of data collection covered under the Code; and
• clarify the category of individuals considered vulnerable under the Code.
8
9. Revision of substantive
rules
The substantive rules of the Code have been also revised and expanded. The Code
is now divided into three main sections with sub-sections that follow a research
cycle for data collection, analysis and reporting.
Lets look at these key changes as follows.
9
10. Revision of substantive
rules
General Rules of Professional Conduct
Awareness and Adherence with Legislation
Rule 1 – changed to reference Data Protection Act 2018 in the UK and GDPR
Rule 2 - now addresses following relevant legal and ethical requirements which
apply to direct marketing practice
Rule 3 - all professional activities conducted in a transparent manner and
compliant with privacy ethics and data protection rules
Rule 4 – must not undertake any form of selling, fundraising, political lobbying
under the guise of research
10
11. Revision of substantive
rules
Commissioning and Design
A large section of the new Code, comprised of the following new sub-headings:
Client confidentiality
Rule 15 - must disclose the identity of clients where there is a legal obligation to
do so. Existing wording is not to disclose the identity of clients without
the client’s permission unless there is a legal obligation to do so
Rule 16 – where files of identifiable individuals are used e.g., client databases,
Members must ensure that the sources of the personal data is revealed
at an appropriate point in the data collection.
11
12. Revision of substantive
rules
Commissioning and Design
Vulnerable people
A new section to tie into MRS Best Practice Guide on Research Participant
Vulnerability and underline the importance for member’s professional activities to
be widely accessible
Rule 24 - Members must take reasonable steps to assess, identify and take into
account the particular needs of vulnerable people involved in their professional
activities.
Rule 25 - When working with vulnerable people, Members must ensure that such
individuals are capable of making informed decisions and are not unfairly
pressured to cooperate and that they are given an opportunity to decline to take
part.
12
13. Revision of substantive
rules
Commissioning and Design
Data Collection
A new rule has been added to this section as follows:
Rule 32 – Members must exercise special care when the nature of the project is
sensitive or the circumstances under which the data was collected
might cause a participant to become upset or disturbed
13
14. Revision of substantive
rules
Commissioning and Design
Consent
Rule 39 – providing sufficient information to allow consent to be given. Two new
bullet points have been added under this rule to cover the type of data being
collected, particularly special category and/or criminal convictions data and the
right to withdraw consent at any time.
The bullet point about informing participants of the likely length in minutes of the
data collection, has been firmed up by removing ‘if requested’.
This rule reinforces the requirement to mention that the activity is being collected
in accordance with the MRS Code, DPA 2018 and/or local data protection
legislation for non-UK activities.
14
15. Revision of substantive
rules
Commissioning and Design
Use of Data for Secondary Purposes
A new section to address secondary data use as defined in the new data
protection legislation
Rule 43 – Members must ensure that there is a lawful basis for the further
processing of data for a secondary purpose. This may include consideration of:
a) Links between the original and proposed new purpose/s
b) The context in which the data was originally collected (in particular the
relationship between participants and the original data collector)
c) The consequences of the proposed secondary processing
d) The existence of safeguards
15
16. Revision of substantive
rules
• General Rules of Data Accountability:
o Data Security
o Participant anonymity
o Reporting
16
17. Revision of substantive
rules
General Rules of Data Accountability
Data Security
This section has been rewritten as follows:
Rule 46 - Members must take reasonable action to ensure that all records held,
transferred and processed securely in accordance with relevant data
retention policies and or/contractual obligations.
Rule 47 - Members must take reasonable action to ensure that all parties involved
in a project are aware of their obligations regarding the retention,
security, disposal and destruction of data.
17
18. Revision of substantive
rules
General Rules of Data Accountability
Data Security
Rule 48 - Members must ensure that the length of time, or criteria, for retaining
personal data is clearly communicated to all relevant parties including
participants, sub-contractors and clients.
Rule 49 - Members must take reasonable action to ensure that the destruction of
data is adequate for the confidentiality of the data being destroyed. For
example, any personal data must be destroyed in a manner which
safeguards confidentiality.
18
19. Improved readability and
usability
It is important that practitioners can easily understand, access and use the Code
and that the Code is also easily accessible to members of the public. In light of
this, the revised Code has been designed to improve overall readability and
usability. This includes improved accessibility with changes to style and
presentation and clickable symbols which link through to specific MRS guidance on
the main sections and sub-sections. These changes have been made to enhance
the user experience and ease user navigation around the full suite of resources
available on the MRS website.
19
20. How can you get involved
in the consultation
process?
We are seeking views on the revised Code from MRS Company Partners and individual MRS Members. We
also welcome views from other interested stakeholders especially those representing the interests of
individuals, research participants or users of research.
This consultation began on 14 January 2019 and will run for 12 weeks until 8 April 2019. Responses should
be submitted by post or email by no later than 5 pm (UK time) on 8 April 2019 and should be sent to:
MRS Code of Conduct Consultation
The Old Trading House
15th Northburgh Street
London
EC1V 0JR
Or email: codeconsultation@mrs.org.uk
It would be helpful if when commenting on the consultation, you are able to provide reasons and any
supporting information or evidence.
20
21. MRS Roadshows 2019
The MRS team will take to the road again in 2019, presenting at member
Roadshows around the country. Updates to the MRS Code of Conduct will be
covered and questions on the consultation will be welcomed.
London - Thursday 24 Jan
Birmingham - Thursday 31 Jan
Cardiff - Tuesday 5 February
Leeds - Wednesday 20 February
Edinburgh - Tuesday 5 March
MRS members and Accredited Company Partners can attend the Roadshows for
free.
21
22. What else is MRS doing?
MRS Guidance Note on Collecting Data on Sex and Gender
ONS has performed an equality impact assessment for the 2021 Census and
propose to have a new question on gender identity for individuals aged 16 years
and over, alongside the existing question on sex. ONS has conducted extensive
research in this regard and identified several issues requiring further discussion
and clarity.
MRS is one of the stakeholders who will be contributing to a special interest group
set up by ONS, the findings of which will inform the revision to the MRS Guidance
Note.
22
23. What else is MRS doing?
MRS Guidelines for Research with Children and Young People
The new data protection legislation has brought in some changes regarding
researching children, notably that privacy notices must be presented in such a
way that is understood by the child.
MRS is in discussions with ESOMAR and other stakeholders to promote greater
understanding of key issues surrounding researching children, such as the
definition of a child, what defines a responsible adult and what the responsible
adult must be told when their consent for the child to participate is being sought.
23
24. What else is MRS doing?
Brexit Hub
With the EU stressing the importance of a deal, and adequacy-plus, to guarantee continued
cross-border data flows, MRS continues to work with the Advertising Association (AA) and
other stakeholders in lobbying the UK government for GDPR data adequacy arrangement.
Continued cross-border data flows after Brexit will be critical for the sector and MRS continues
to work with a range of stakeholders in lobbying the UK government for a GDPR data
adequacy arrangement that will ensure continued data transfers between the EU and the UK.
However, with the ongoing uncertainty around the Brexit negotiations MRS members need to
start thinking about contingency planning for data flows in the event of a no-deal Brexit.
Our new Brexit Hub has the latest news, position statements and general advice for members.
24
25. What happens after the
consultation is finished?
We will acknowledge receipt of all responses received on the Code Consultation.
Once the feedback received during the consultation period has been reviewed we
will publish a consultation summary and final version of the MRS Code of Conduct.
We will publish the final version of the Code on the MRS website during Summer
2019 and it is expected to take effect on 1 September 2019.
Any personal data you provide to us in responding to this consultation will be
processed by MRS, as controller, in line with the General Data Protection
Regulation 2016 (GDPR) and the Data Protection Act 2018.
The MRS privacy policy is available on the MRS website or a written copy upon
request.
25
Rule 15 – changed to increase transparency and to also ensure adherence to the DPA 2018 rules concerning the naming of data controllers MRS guidance on Data Controllers and Data Processors refers
both the client and research supplier undertaking a DPIA to assess the impact on the quality of the research if undertake to naming of the client as a data controller at the time of data collection. At this point the client and research supplier could consider the risks of informing participants of the client identity compared to not informing, and the impact of the transparency requirements.
l substantive changes here to existing rules, except that they have been reordered into these subheadings for ease of readability.
Any one of us can be vulnerable at any time, this rule should be given consideration when the subject matter is sensitive and/or the individuals partaking in the project may be in need of additional care.
New rule 28 added to adhere to GDPR and address the requirement for a legal processing ground to be in place.
Revised rule 29 sees a new bullet point added be limited ot what is relevant to adhere to GDPR rule on data minimisation
New rule 37 to tie into Vulnerability guidance and to promote public trust in data collection projects and to prevent harm.
Revised rule 37 - changed to adhere to GDPR principle of increased rights of access/erasure
Rule 39 – new bullets added to adhere to GDPR principles regarding special category data and increased rights to withdraw.
Bullet h is to aid transparency and prevent compliants of participants being misled.
Bullet j is to reassure participants that this is a genuine data collection exercise and that their personal data will be treated responsibily
Comment to this new rule notes that secondary data include social media, transaction data, syndicated data and Internet.
All MRS guidelines, checklists and best practice guides will need to be revised in line with the new Code. The following are currently under revision
All MRS guidelines, checklists and best practice guides will need to be revised in line with the new Code
All MRS guidelines, checklists and best practice guides will need to be revised in line with the new Code