There are a number of tools and resources available to help ensure compliance with data protection regulations. We’ve selected some of the ones most relevant to advertising & marketing, as well as market research. This list is by no means exhaustive and there may be other guidance more relevant to your needs.
The Algolia GDPR Project
GDPR is a large and complex piece of legislation; however, this searchable tool may help users navigate it and find specific information quickly.
ICO Tools & Resources
The ICO provides a plethora of information and tools to better understand and aid compliance with data regulations.
Any project which makes use of personal data will need to go through a Data Protection Impact Assessment (DPIA). The ICO provides guidance and a general template for carrying this out, but we recommend that you tailor this template to fit the purpose and assess the risk properly.
Anyone seeking to process data under the basis of ‘legitimate interest’ (one of the six legal bases for data collection) will need to carry out a legitimate interest assessment (LIA). This involves a three-part test. Like the DPIA, this is crucial for risk management, and a paper trail is essential in case anything goes wrong or an investigation is required.
Special Category Data (SCD) is personal data which requires explicit consent to process due to its sensitive nature. This includes (but is not limited to) data regarding ethnic origin, religious beliefs, sexual orientation and biometric data. As well as explicit consent, collecting SCD requires additional conditions and safeguards. The ICO provides further information on how to handle SCD.
Best Data Practice Guides
- Members of ISBA can consult their guidance, aimed at advertisers and brands.
- If you are a direct marketeer and your work involves processing personal data, you should read the DMA’s Code.
- If you are working in market research, check out the Market Research Society’s (MRS) Code of Conduct.
- The IPA offers advertising agencies a collection of resources for its members about the GDPR and E-Privacy.
- Adtech companies may wish to visit the IAB UK’s GDPR & ICO Resources hub.
- AOP has also developed member resources for online publishers such as their Data Privacy Good Practice Guidance, Data Use Case Matrix and Data Purposes & GDPR Legal Basis Reference document.
- The European Advertising Standards Alliance (EASA) is the authoritative voice on self-regulation in Europe. It sets operational standards and best practice guides for national self-regulatory organisations across the continent. It has also published its own Best Practice Recommendation on Online Behavioural Advertising for both industry members and self-regulatory organisations.