If you work in the UK, European Union (EU), or European Economic Area (EEA), or are part of an organisation with a connection to these places, you will probably be aware of the General Data Protection Regulation (GDPR). You’ve probably had to take part in a training session (or several) on the topic in the run-up to and following the regulation’s introduction in May 2018.
However, there are a number of additional considerations you need to make as a prospect researcher to ensure that the research you do is compliant with the UK data protection regime as set out in the DPA (Data Protection Act) 2018, as well as the UK GDPR, the retained EU law version of the GDPR, which took effect following the end of the Brexit transition period on 31 December 2020.
In this chapter, we will focus on the elements of GDPR and data protection as they relate to prospect research in the UK. But first, let’s take a step back and start off with some definitions of the regulations.