Data minimisation and user research
Doing user research involves collecting personal information about the people we do it with. For Visible in Emergencies we have done interviews and testing sessions with a lot of people. 96 people so far.
Although we do a lot of research, we only collect and keep the minimum information we need to inform the design of our service. I wanted to explain how our team does this.
GDPR and ‘data minimisation’
Collecting and keeping minimum personal information is important. Not only because it’s good practice, it’s the law; a key principle of GDPR called ‘data minimisation’.
What data minimisation means for user research is:
- only collect personal information we actually need to design services
- regularly review what personal information about the people we’ve done research with and delete anything we don’t need
Keep a list of interviews
We have a spreadsheet with details about all the interviews we do. As well as this being useful for planning research trips, it helps minimise the personal information we collect and keep:
- helps us keep track of who we are collecting information about
- it’s the only place we keep names, contact details and other personal information
- acts like a checklist for deleting information at the end of each stage of service design
Avoid using names
Wherever possible our team avoid writing the names of people we do user research with. Instead of names we use initials, but more often we use aliases. For example on all our interview notes we write P1, P2, P3 and so on (P stands for participant). Not using names means should any of our notes got lost, people can’t be identified with something sensitive they might have said about themselves.

Sometimes we do need to know who said something, because we need to communicate the context in which a quote was said. That’s why aliases are stored next to peoples real names on the spreadsheet I mentioned.
No video or voice recordings
Lots of user research can involve recording interviews. The purpose is to have a backup for any notes or to potentially use these recordings (with explicit consent) to help tell people’s stories from the research.
However, our team reflected on previous projects and identified that we never used these videos or voice recordings of interviews. So we decided we would not continue recording interviews in this way. Not only has this saved us time and computer storage space, it means we are only collecting and processing personal information that is adequate and relevant.
Prototypes that forget
The digitals prototypes we test with people don’t store personal information for very long. We built the prototypes using the GOV.UK Prototype Kit, which has a feature that lets us clear personal information after each testing session.

In testing we’ve been sending people confirmation emails to their phone using GOV.UK Notify. Notify automatically deletes names, emails addresses, phone numbers and other personal information after 7 days.
“Data hygiene day”
At the end of each stage of service design, our team has a “data hygiene day”. This is our way of making sure we block out dedicated time to thoroughly review and check we’ve deleted personal information that we don’t need anymore.

Our “data hygiene days” include:
- Making sure all our signed consent forms are scanned and filed clearly
- Updating our spreadsheet with people’s details, which can only be accessed by our team
- Deleting text messages and numbers from our phones that used to arrange interviews with people
- Deleting emails used to arrange interviews with people
- Putting all the photos we took of people (with their consent) into our secure team folder. We keep photos to tell stories internally about the people we do research with.
- Checking photos have been deleted off our phones
- Creating a calendar reminder to review the personal information we have kept and decide if we still need it
Other resources:
If you liked this post, we recommend you also read these ones below about consent for research by Georgina Bourke from Projects By IF:

