GDPR Guidance for Clients

GDPR – Guidance on using personal data for research purposes

Under the new GDPR regulations coming into force on 25 May 2018, we, as data processors, will need assurances from our clients (data controllers) that their customer data has been gathered in accordance with the new regulations and that it can be used for research purposes. Gathering explicit consent to take part in research activities at the point of data collection is one way of achieving this, however, processing personal data from existing customer databases for research purposes can also reasonably fall under the lawful grounds of legitimate interest.

What this means for you: whilst you may still want to, you don’t necessarily need to gather specific consent for a customer’s (data subject’s) personal data to be used for research purposes. However, if you choose to use legitimate interest as grounds for this use, you must ensure that your privacy notice details the legitimate interests upon which the intended research is based. According to the ICO, this must detail the following:

  • What your purpose for processing personal data is
  • That you are relying on legitimate interests as your lawful basis; and
  • A summary of what the relevant legitimate interests are. (, 2018)

It is up to you (as the data controller) to conduct your own legitimate interest assessment and, in cooperation with us, to consider the research activities you would like carried out (i.e. customer satisfaction feedback, profiling, in-depth qualitative research etc).

A full explanation of legitimate interest and how to include it in your privacy policy can be found on the ICO’s website.

An advantage of using legitimate interest as a lawful grounds for research is that it can be applied after the point of data collection, as long as the privacy policy is updated in accordance and your database is informed of these updates.

What this means for your customers (data subjects): although under the lawful grounds of legitimate interest they do not have to give consent for their personal details to be used for research purposes (this includes contacting them to invite them to take part in research), data subjects maintain the right to object to processing without providing specific reasons.

What this means for us: under the existing guidelines of our industry’s Code of Conduct (administered by the Market Research Society), we will continue to gain informed consent from all research participants. It is our responsibility as researcher to notify data subjects about their right to object at the time of communication.

We maintain our responsibility as data processors to alert our clients (the data controllers) of any data breaches or requests to be forgotten.

We will also continue to gather explicit consent for further research and testimonials, and the gathering of any further data will be covered by our own privacy policy, which can be found at

Following analysis of research results, findings will be aggregated for final delivery. We will take steps to minimise and anonymise research results at the earliest opportunity.

Data security: to protect individual’s data, any document or database that includes personal data must be shared securely. This means all documents that include personal data that we share will be password protected and any data we receive from clients we would also expect to be shared securely.

Further information
Legitimate interests under GDPR: 

Conducting Research under the GDPR: Legal Bases:

Many thanks, 

The Zing Team

Hayley headshot2

Hello from the new girl!

I joined Zing at the start of December 2019 and already it feels like I’ve always been here. My role is essentially a support one – proofreading reports, making travel… Read more »

AEO Awards 2019 - the Great Hall at the Savoy Hotel, AEO Awards

AEO Awards 2019 – watch the video!

The AEO Awards 2019 took place last month at Grosvenor House on Park Lane. As an event put on by the event industry for the event industry, the AEO team… Read more »

focus group3

Anthropology and Business Insights

Writing an introductory blog post is a rite of passage for all new Zing people; however, I’ve managed to spend around nine months here before getting some words down in… Read more »

Content Marketing, tell the truth

Content Marketing and Storytelling: The Power Behind The Truth

It’s no secret that the customer is becoming savvy to traditional marketing strategies, both in consumer and commercial environments. As we all develop a resistance to direct advertising and unwanted… Read more »

AEO Excellence Awards

AEO Excellence Awards 2019 – Zing Insights are the proud sponsors of the Best Consumer Show award

  It’s 8 years since I launched Zing Insights (how did that happen?) and created an agency that is focused on measuring the customer experience, helping our clients drive business… Read more »


World Cup 2018 and using data in sport

With the World Cup only a matter of weeks ago, England fans all over the country are slowly returning to normality, while the players themselves will only have only had… Read more »

Our Clients

We have extensive experience working across a wide range of industry sectors for many leading brands.

Contact Details

Victory House
Chequers Road
NR15 2YA

t / +44 (0)844 800 9588

e /