NiMRA – Nigeria Marketing Research Association

Menu

ESOMAR’S Data Protection Checklist

By /

Any question for which the answer is not “yes” signals a potential gap in a privacy protection programme and a potential risk of violating one or more data protection laws thus indicating that additional protections need to be incorporated.

  1. When designing a research project, do you limit the collection of personal data to only those items that are adequate, relevant and necessary in relation to the purpose for which they are processed and do you ensure that they are not used in any manner that is incompatible with such purpose?
  2. Do you implement processes that ensure that data subjects are not harmed or adversely affected as a direct result of their personal data being used in a market research project?
  3. If you plan to use subcontractors or other third-party suppliers to perform services on your behalf, do you disclose the minimum amount of personal data that is necessary for them to perform the agreed upon services? Do you have contracts in place that ensure a similar level of protection on their part?
  4. If you plan to collect data from children, young people or other vulnerable persons, do you obtain the consent of the parent or Responsible Adult before collection?
  5. Can you identify a lawful basis for processing the personal data?
  6. Are you processing personal data only for their intended use?
  7. Do you make it clear about the specific data to be collected and maintained, including any passive data collection of which the data subject may not be aware?
  8. When using secondary data collected for some purpose other than research (e.g. customer data, social media data, etc.) do you ensure that the use is legitimate and the rights of data subjects are protected?
  9. Are procedures in place to ensure that all personal data are accurate, complete and up to date?
  10. Do you ensure the personal data are preserved for no longer than is required for the purpose for which the information was collected, acquired, or further processed? Do you have procedures to store the data separately or remove identifiers from data records once they are no longer needed?
  11. Is there a clear statement on how long personal data are retained?
  12. Are there procedures in place to allow data subjects to exercise their rights as provided by the applicable laws and regulations?

DOWNLOAD the full document here: http://nimra.ng/wp-content/uploads/2024/09/data-protection-checklist-cg4-4-23-1.pdf

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top