The General Data Protection Regulation (GDPR) is a new data protection regulation coming into force in May 2018, and it will affect how all businesses process and store data. There is a lot to consider ahead of this regulation coming into force, and for a more detailed overview of what impact this may have on your business, we recommend going to the Information Commissioners Office website.

The following tips should be treated as a starting point to make sure you are acting responsibly if you want to recruit your own customers to participate in user research or usability testing.

Be transparent

This is a general rule for all research and testing, but it is worth highlighting in the context of user research with customers. It is important to clearly explain how you will be using your customer’s information if they are opting in to participate in research, and if you intend on passing their data to a third party for processing. You should also state who the third parties are and what processing will entail.

Ask your customers to opt-in

In the past, People for Research have been asked to recruit from a list of customers who have ‘opted in’ to take part in research as part of a marketing campaign. More often than not, people on this list didn’t realise what they were opting in to, or don’t even remember ticking that box.

Our recommendation based on the GDPR guidelines is to simply run a new campaign, with clear and specific details of what you want people to participate in, how they can be involved, and if working with an external recruiter, explaining their involvement to your customers. This may seem like extra work, but in the long run it will reduce time spent calling people who didn’t realise they opted in and have no interest in participating in your study. This is a more ethical and responsible way of involving your customers in user research and usability testing.

Manage opt-outs properly

Any communication that goes out to your customers should have an opt-out option; people have the right to withdraw consent at any point in the process. Above all, the opt-out option should be easy to do and to find, according to GDPR.

If someone decides they no longer want to receive communications, ensure that this opt-out is processed by all relevant internal teams.

Use a secure data transfer service

People for Research understand the importance of securely sharing and storing customer data. When actively recruiting from a client’s customer base, we use a secure data transfer service that encrypts information when sending it back and forth for review, instead of sending data over email. Plus we recommend anonymising personal data, and removing anything that is not explicitly required for the purposes of running the research session.

A GDPR must-have: informed consent

Make sure you give your customers the opportunity to participate based on their informed consent, this means they are happy with the terms of their involvement and what you will do with any information they share as part of a research or testing session.

This should be done as part of the recruitment process, not when they turn up to your office. Otherwise you may need to honour their incentive, even if they decide to not take part because the terms of their participation weren’t explained clearly to them.

Don’t forget about the non-disclosure agreement

Although this doesn’t relate directly to data protection, it is a more general document that should be used across all research and testing, it is easy to become complacent especially if you are just running a simple benchmarking study. However, the non-disclosure document (NDA) is not just for your benefit. It also confirms the intent of the research, and tells participants what they can and can’t disclose to other people outside of the research.

We have a dedicated process for recruiting customers and managing customer lists that has been developed following years of experience. To find out more about this service read our blog about recruiting from customer data.



Maria Santos, Head of Digital Ops & Data Protection

If you would like to find out more about our in-house participant recruitment service for user testing or market research get in touch on 0117 921 0008 or

At People for Research, we recruit participants for UX and usability testing and market research. We work with award winning UX agencies across the UK and partner up with a number of end clients who are leading the way with in-house user experience and insight.