GDPR Guidance for Clients

GDPR – Guidance on using personal data for research purposes

Under the new GDPR regulations coming into force on 25 May 2018, we, as data processors, will need assurances from our clients (data controllers) that their customer data has been gathered in accordance with the new regulations and that it can be used for research purposes. Gathering explicit consent to take part in research activities at the point of data collection is one way of achieving this, however, processing personal data from existing customer databases for research purposes can also reasonably fall under the lawful grounds of legitimate interest.

What this means for you: whilst you may still want to, you don’t necessarily need to gather specific consent for a customer’s (data subject’s) personal data to be used for research purposes. However, if you choose to use legitimate interest as grounds for this use, you must ensure that your privacy notice details the legitimate interests upon which the intended research is based. According to the ICO, this must detail the following:

  • What your purpose for processing personal data is
  • That you are relying on legitimate interests as your lawful basis; and
  • A summary of what the relevant legitimate interests are. (, 2018)

It is up to you (as the data controller) to conduct your own legitimate interest assessment and, in cooperation with us, to consider the research activities you would like carried out (i.e. customer satisfaction feedback, profiling, in-depth qualitative research etc).

A full explanation of legitimate interest and how to include it in your privacy policy can be found on the ICO’s website.

An advantage of using legitimate interest as a lawful grounds for research is that it can be applied after the point of data collection, as long as the privacy policy is updated in accordance and your database is informed of these updates.

What this means for your customers (data subjects): although under the lawful grounds of legitimate interest they do not have to give consent for their personal details to be used for research purposes (this includes contacting them to invite them to take part in research), data subjects maintain the right to object to processing without providing specific reasons.

What this means for us: under the existing guidelines of our industry’s Code of Conduct (administered by the Market Research Society), we will continue to gain informed consent from all research participants. It is our responsibility as researcher to notify data subjects about their right to object at the time of communication.

We maintain our responsibility as data processors to alert our clients (the data controllers) of any data breaches or requests to be forgotten.

We will also continue to gather explicit consent for further research and testimonials, and the gathering of any further data will be covered by our own privacy policy, which can be found at

Following analysis of research results, findings will be aggregated for final delivery. We will take steps to minimise and anonymise research results at the earliest opportunity.

Data security: to protect individual’s data, any document or database that includes personal data must be shared securely. This means all documents that include personal data that we share will be password protected and any data we receive from clients we would also expect to be shared securely.

Further information
Legitimate interests under GDPR: 

Conducting Research under the GDPR: Legal Bases:

Many thanks, 

The Zing Team


World Cup 2018 and using data in sport

With the World Cup only a matter of weeks ago, England fans all over the country are slowly returning to normality, while the players themselves will only have only had… Read more »


Starting at Zing

I joined the team just over two months ago now and how time flies… It was nothing more than perfect timing that the position here at Zing appeared, just as… Read more »

LBS for blog

The importance of event evolution

With a 62-year history, you might have been surprised to hear the recent British Marine announcement that the London Boat Show 2019 will not be going ahead due to ‘insufficient… Read more »


GDPR Guidance for Clients

GDPR – Guidance on using personal data for research purposes Under the new GDPR regulations coming into force on 25 May 2018, we, as data processors, will need assurances from… Read more »

GGH 300x300

Sponsoring GoGoHares 2018 #GGH18

Summer 2018 brings a city trail of 50 hares to celebrate Break’s 50th Birthday. It’s a New Year, we have a new look and we’re pleased to be supporting Break… Read more »


New Look for a New Year

It’s hard to believe that it’s almost 7 years since we launched Zing Insights as an independent market research agency and we’ve experienced so much change in that time.   But… Read more »

Our Clients

We have extensive experience working across a wide range of industry sectors for many leading brands.

Contact Details

Victory House
Chequers Road
NR15 2YA

t / +44 (0)844 800 9588

e /