Data Privacy and Research

This Data Privacy and Research course comes in two parts – an introduction to the core data protection principles plus a second on conducting a Data Protection Impact Assessment. This on-demand course will equip you with the necessary skills to navigate today’s data privacy challenges.

Course overview

There are many benefits to complying with data protection law. As well as being the law, good data protection also makes good economic sense because it saves you time and money. It demonstrates to customers that you care about their information, which is good for your reputation and your brand.  More and more people are becoming aware of their personal data and how it’s being used, so any organisation that wants to be trusted has to get it right.

Data Privacy and Research – Introduction

This two-hour session, delivered by Julie Corney, MRS Standards and Compliance Manager, provides an overview of the data protection principles and key concepts in the UK Data Protection Act 2018, within the context of the research sector. It enables participants to develop an awareness of the legal framework and context for data protection and to build confidence around their responsibilities.

Who is the course for?  

This is an entry level course essential for new practitioners or as a refresher for those wishing to brush up on the basic constructs of data privacy.

Key learning outcomes:

• Develop awareness of the legal framework and context for data protection and build confidence around responsibilities
• Identify key actions to embed the accountability and transparency requirements of the GDPR
• Share best legal and ethical practice in the market research sector

Topics covered in detail:

• Data protection principles in research projects - Explore the key constructs of data privacy (transparency, accountability and privacy by design and default) in your data collection activity.
• Controllers and Processors - Understand your role in relation to the personal data you are processing, a crucial point to ensure compliance with the UK GDPR and the fair treatment of individuals.
• Choice of legal processing ground - There are six lawful bases for processing dependent on your purpose and relationship with the individual   
• Transparent Privacy Notices - Privacy notices are important to foster trust. Learn how to draft privacy notices that deliver the appropriate information effectively to the audience being researched.
• Records, Data Security and Breach reporting - Learn how to document your processing activities and record keeping responsibilities and how to handle a personal data breach.

Conducting a Data Protection Impact Assessment for Research Projects

Data Protection Impact Assessments (DPIAs) are required when processing data that is ‘likely to result in a high risk to the rights and freedoms of natural persons’. This one-hour session delivered by Debrah Harding, MRS Managing Director, uses case studies to explore the appropriate use of, and approach to, DPIAs for research projects, focusing on their use in line with regulatory guidance published by the Information Commissioner’s Office (ICO).

About the course:

This is an entry level course essential for those with data protection responsibilities for research projects who wish to understand the fundamentals of Data Protection Impact Assessments. 

Key learning outcomes:

• Develop an understanding of Data Protection Impacts Assessment process
• Understand the circumstances when Data Protection Impact Assessments are required using the UK and EU criteria
• Understand the new legislative changes being proposed for the UK regarding Data Protection Impact Assessments
• Appreciate the appropriate use and approach to using Data Protection Impact Assessments for research projects

Topics covered in detail:

• The purpose of Data Protection Impact Assessments including how they can be used as tools for risk-based compliance
• The criteria for determining when Data Protection Impact Assessments are required (and not required) applying the criteria used by the UK and EU data protection regulator
• The process for conducting a Data Protection Impact Assessment focusing on the 9-step process developed by the UK regulator, the Information Commissioner’s Office (ICO)
• A detailed research case study applying the ICO’s 9-step process