Data Protection Checklist

This checklist translates complex data protection laws into key requirements for data collectors and users. Use it to build a global compliance programme with greater confidence.

Don't speak English?

Download our Data Protection Checklist in your local language.

Making sense of a fragmented landscape

Professionals and organisations collecting personal data worldwide face a fragmented patchwork of regulations that they must comply with. Developing a compliance programme that meets the world's various requirements can be complicated, particularly for small and medium-sized organisations that may not always have access to top legal and compliance advice.

That's where the Data Protection Checklist comes in. It is a practical tool designed to support you in ensuring that your compliance programme is built around the key compliance issues that lawmakers and regulators care about. It can help you identify gaps in your compliance programme based on requirements that apply across markets.

Built on a solid global foundation

Our checklist is built on common principles that underpin all data protection legislation around the world. They have been set by government bodies united in the international Organisation for Economic Development and Cooperation (OECD) and require:

  • Minimum impact for the individuals whose data is being collected

  • Appropriate notice and consent for the individuals

  • The responsibility to guarantee data integrity and security

  • The responsibility to safely manage any transfers of data

  • The publication of one's privacy policy

  • Special care when dealing with collecting data from children, business-to-business, photographs, audio and video recordings, cloud storage and anonymisation.

Written by compliance and insights experts

The Data Protection Checklist was drafted by an international project team featuring both data protection and compliance experts and professionals working on international data, research and insights projects to help resolve the most pressing operational issues.

David Stark
Vice-President & Regional Privacy Officer Americas at Wells Fargo
Reg Baker
ESOMAR Ambassador, ESOMAR Ambassador for North America at ESOMAR
Ashlin Quirk
ESOMAR Committee Member, General Counsel and Secretary at Dynata
Barry Ryan
Director Global Privacy at American Express
Debrah Harding
Managing Director at Market Research Society
Jayne Van Souwe
Principal at Wallis Market and Social Research
Kathy Joe
ESOMAR Staff, Research World Editorial Consultant at ESOMAR
Stephen Jenke
Co-Founder and Methodology Director at H-Research Asia
Wander Meijer
ESOMAR Individual Member, Director, Asia Pacific at GlobeScan