Working as an independent researcher, you get used to the normal ebb and flow of projects. My diary, leading up to Christmas and the New Year, had been crammed – interviews, reports, deadlines, and then…post-festivities…silence! So how could I most usefully fill my time until, once again, the phone started to ring?

A nagging thought at the back of my mind…that dark cloud on the horizon…GDPR! Time to bite the bullet.

There is a plethora of organisations out there writing excellent articles and offering solid advice on how to prepare for the May deadline, but you can rapidly become overwhelmed by it all (Brexit overkill comes to mind). And, frankly, just how much of it is actually relevant to me and my business?

Ruminating over this with a fellow ICG member at the annual Christmas lunch, I had become involved in a mini working group trying to establish a GDPR training course that would cut through all the jargon and rhetoric and provide something practical, adapted to the needs of the small market research business. The GDPR Experts listened, and produced some excellent online and downloadable learning resources and document templates for the group (

While all of this was ongoing, I was also responding to an ITT for some government sector work. Question number 155 (yes, 155 out of 163!) on the Standard Selection Questionnaire asks, “Does your organisation have Cyber Essentials certification?” This was a new one on me, so I googled it…and it turns out that, since 1st October 2014, Cyber Essentials became a minimum requirement when bidding for certain government contracts.

Making sure you adopt best practice in terms of cyber security makes excellent business sense to me, anyway. And what I also discovered was that you can ‘kill two birds with one stone’ by signing up for the IASME Governance Standard for Information and Cyber Security (Cost £400+VAT). This combines both GDPR and Cyber Essentials in one self-assessment exercise (

My next step was to download IASME’s very useful Self-Assessment Preparation Booklet ( and work through the question/check-list, making sure that I had everything in place in terms of processes, documents, systems etc. to meet the required standards. I brought in my local IT support experts for a couple of hours to check out my home office systems, and by adapting the relevant GDPR Experts’ templates to fit my own business needs I now had everything in place to take the online assessment.

The results came back in less than 24 hours and voila! On 3rd April, 2018 Agfora Ltd achieved the Cyber Essentials certification and IASME Governance standard for Information and Cyber Security. Agfora is now ready to face the post GDPR future of market research.

The cherry on the cake?

Successful completion of the IASME Cyber Essentials certification entitles you to one year of free Cyber Insurance cover and the use of the Cyber Essentials and IASME Governance logos for blogs, websites and newsletters etc., so that you can reassure your clients and business partners, and blow your own trumpet.

What’s not to like?