Sharing Insights That Are GDPR Compliant

At a Glance

Avoiding the collection of personally identifiable information (PII) is important to ensure the privacy protection of your contributors. To help you understand what can and cannot be shared, here is some guidance on sharing insights internally and potentially externally that are compliant with GDPR. For more information about UserTesting and GDPR, read our notice here.



Q: What can I share internally?

You can share any insights with your internal teams; however, it is critical that such content refrains from containing prohibited contributor PII. Note that contributors are not expected to share PII. Sensitive PII can be collected and shared with the contributor's permission; depending on your internal policies and applicable data laws, you may want to follow these guidelines for concealment. Protected Health Information (PHI) can be shared internally but only if your organization has a signed BAA with UserTesting.

Q: What can I share externally? Can I share a clip as part of a marketing campaign?

You can share sensitive PII for business purposes with the contributor's consent. You may choose to follow these guidelines for concealment. If you have a BAA signed with UserTesting, PHI should only be shared with individuals working on projects related to the topics covered in the test; it should not be shared publicly. Contributors are informed that their videos may be used for public display, as outlined in this code of conduct.

Q: What can’t I share?

You should not capture or share any video containing prohibited contributor PII. View our best practices article for a list of prohibited PII to avoid collecting. Note that categories of PII data vary by jurisdiction. Please review our Data Processing Agreement, Content Policy, and Privacy Policy for more information.

Q: Who can I share insights with?

You can share insights with any of your teams and for any business purposes. 

Q: What do contributors agree to when being tested? 

Contributors agree to our terms of service, which tell them that the videos they are in will be used by UserTesting customers. They give additional consent related to the capture of their face in Live Conversations and in face recordings associated with unmoderated tests. Contributors also understand that they are not supposed to share PII, but they can consent to share Protected Health Information (PHI).

Q: What happens if a contributor accidentally shares PII in a recording?

If a contributor accidentally shares prohibited PII (for example, the contributor accidentally exposes their credit card number in a web form), or they share PII without knowing, you can reach out to Support to remove the video. Do not share videos or clips that include that information.

Q: Can a contributor ask for a video to be deleted? 

Once a contributor has consented to be recorded, they cannot ask for the video to be deleted or not used. If a contributor asks to be removed from UserTesting, we delete their PII from our records, but we do not delete any videos they may have been in. 

Q: What happens if I get a GDPR request related to UserTesting videos? 

UserTesting leaves it up to the customer to decide if they want to act on the notice. We will delete any videos upon request by the customer. 


Learn More

Need more information? Read these related articles.

Want to learn more about this topic? Check out our University courses.


Please provide any feedback you have on this article. Your feedback will be used to improve the article and should take no more than 5 minutes to complete. Article evaluations will remain completely confidential unless you request a follow-up. 

Was this article helpful?
0 out of 0 found this helpful