Using Customer Testimonials in Marketing: Legal Do’s and Don’ts for UK Businesses

There’s no denying it - in our digital age, customers trust what other people say about your business almost as much as recommendations from family or friends. That’s why using testimonials in marketing and advertising has become a powerful strategy for UK businesses of all sizes.

But before you go publishing every glowing review or customer story on your website and social channels, make sure you know the legal do’s and don’ts. Why? Because using customer testimonials without breaking the law is key to protecting your reputation, staying compliant, and avoiding expensive mistakes. If you get it wrong, you could end up facing everything from trading standards investigations to breaches of privacy and misleading advertising penalties.

In this guide, we’ll break down the essentials for using testimonials in marketing - including the rules you need to follow, the risks to avoid, and the must-have steps to stay compliant. By the end, you’ll feel empowered to showcase your best customer stories and supercharge your brand, all while sleeping easy knowing you’re on the right side of the law.

Why Use Testimonials in Marketing - And What’s at Stake?

If you've ever made a purchase after reading a review, you already know the power of testimonials. For UK businesses, using testimonials in advertising isn’t just about brand credibility - it can directly boost sales and help win over new customers.

But with increased regulation around advertising and consumer protection, businesses must be careful when sharing testimonials. Here’s why it matters:

• Misleading testimonials can land you in trouble with the Competition and Markets Authority (CMA) and lead to fines, criminal charges, and reputation damage.
• Unlawful use of customer data (photo, name, or story) may breach UK GDPR and privacy laws, resulting in penalties from the Information Commissioner’s Office (ICO).
• Faked or incentivised testimonials are closely policed - you must be transparent about any paid or gifted reviews.

Let’s break down what you need to know to stay compliant when using customer testimonials in marketing.

What Are the Key Rules for Using Testimonials in Marketing?

The laws and regulations that shape how you use testimonials in marketing and advertising in the UK include:

• Consumer Protection from Unfair Trading Regulations 2008 (CPRs): Outlaws unfair commercial practices, including misleading actions or omissions. Testimonials that exaggerate your product can be classed as a misleading action.
• Advertising Standards Authority (ASA) Codes: The ASA enforces advertising rules - all testimonials must be genuine, verifiable, and not misleading. Paid or incentivised testimonials must be clearly labelled.
• UK GDPR and Data Protection Act 2018: Protects customers’ rights over their personal data, including names, images, and stories used in marketing. Consent is a must.

Let’s dive into how these apply in practice when using testimonials in advertising your business.

How Can I Legally Collect and Use Customer Testimonials?

Getting the process right from the start is essential. Here are the steps for using customer testimonials in marketing, while making sure you steer clear of legal headaches:

1. Ask for Explicit, Informed Consent

Before you use any customer testimonial, always get proactive, written consent. This isn’t just good manners - it’s a legal requirement under UK GDPR if the testimonial includes personal data (their name, photo, or contact details).

Your consent form (which can be digital) should cover:

• Exactly what you'll use (quote, image, video, full name, etc.)
• Where you'll use it (website, social media, print marketing, etc.)
• How long you intend to use it for
• The customer’s right to withdraw consent at any time

Learn more about drafting a compliant consent form to ensure you’re covered.

2. Never Edit or Change the Meaning

You can edit for clarity or remove typos, but changing what the customer actually said - or removing vital context - could make the testimonial misleading. This is a direct breach of the CPRs and the ASA Code. Always keep the spirit and intent of the original statement.

3. Make Sure Each Testimonial is Genuine and Verifiable

The testimonial must be the real experience and views of your customer. Keep records in case you need to prove authenticity if challenged. Don’t be tempted to write your own or ask friends to pose as customers (the ASA cracks down on businesses doing this).

4. Be Transparent About Incentives or Paid Testimonials

If a customer was paid, received a discount, or was otherwise incentivised to give a review, you must disclose this clearly. Hiding the relationship risks breaching UK consumer law and the ASA Code, even if the testimonial is honest.

5. Avoid Testimonials That Make Medical or Scientific Claims

If you’re in a regulated industry (like health, wellness, or financial services), steer clear of publishing testimonials that claim specific cures or guaranteed results unless you have solid, independent evidence to back them up. The ASA is particularly strict with these sectors, and unsubstantiated claims could trigger an investigation.

6. Handle Personal Data Carefully

If your testimonials include photos, videos, or other personal data, they become subject to data protection law. That means you need a lawful basis for processing (usually consent), secure storage, and a plan for deleting or updating the data if requested. Find out more in our Guide to Data Protection Compliance.

What About Using Third-Party Reviews and Social Media Comments?

Sites like Google, Trustpilot, or Facebook generate reviews you don’t control. Can you use these in your own marketing?

• Check the terms of use: Many platforms allow you to share reviews but may restrict copying them to your site or printed ads. Breaching terms could get your business removed from the platform.
• Still get permission: If you want to use a review with personal details or a profile image, play it safe and ask for consent.
• Don’t cherry-pick or misrepresent: If you use only positive snippets or selectively quote out of context, this can be seen as misleading advertising under ASA rules.

If you want to publish customer images or screenshots, make sure to read our advice on copyright and IP issues when using social content.

Common Legal Mistakes When Using Testimonials in Marketing

It’s easy to make mistakes with testimonials if you don’t know the rules - even with the best intentions. To help you avoid common pitfalls, here’s what to watch out for:

• Not obtaining written consent, especially for images or full names
• Editing a testimonial so heavily it no longer represents the customer’s actual opinion
• Faking, inventing, or commissioning reviews (or not labelling paid/testimonial incentivised content)
• Relying on generic or outdated templates for consent forms that don’t meet current GDPR standards
• Using testimonials to make unproven claims, e.g., health outcomes or financial returns
• Failing to provide a process for customers to withdraw their testimonial if they change their mind

By following the right process, you’ll avoid these traps and keep your testimonials lawful, credible, and valuable for your brand.

Do I Need Any Legal Documents for Using Testimonials?

You don’t necessarily need a formal contract for every testimonial, but robust documentation is strongly advised. Here’s what we recommend:

• Testimonial Consent Form: Covers all required legal elements - who, what, where, how long, rights to withdraw. This can count as your lawful basis for processing under GDPR. Read more about compliant consent forms here.
• Internal policies: Have a written process for vetting and approving testimonials so all your marketing team follow the legal requirements consistently.
• Privacy Policy: Update to explain how you use testimonials and handle customer data. If you haven’t reviewed your Privacy Policy in a while, this is a good moment to check it’s up to date - learn how in our Privacy Policy Guide.

If you’re unsure your documents are up to scratch, it’s wise to get a legal expert to review or update them for full compliance.

What Happens If I Get It Wrong?

If you use testimonials in marketing and break UK laws, the risks include:

• Investigations and fines: Both the ASA and trading standards can act if you publish misleading or non-genuine testimonials.
• Forced removal of testimonials - or all your marketing materials if deemed misleading.
• Civil liability: Customers whose testimonials or information were used without consent can make claims for damages or request deletion under their data rights.
• Reputational damage: Losing trust with your customers or audience is often the most serious long-term consequence.

As with most legal issues, the cost, time, and stress of getting it wrong far outweigh the effort of setting up your legal compliance properly at the start.

Can I Use ChatGPT or AI to Create or Modify Testimonials?

This is a question we’re hearing more often in the age of AI. While it may be tempting to use tools like ChatGPT to “clean up” a testimonial or create new ones, the same legal rules apply:

• Never fabricate testimonials with AI. All must be genuine, verifiable statements from real customers, not AI-invented “happy clients.”
• Use AI only for grammar or formatting, not to change the meaning or substance.
• Maintain evidence of each original statement and any AI-facilitated edits (in case you need to prove authenticity).

For more information about AI and marketing law, including contract drafting, see our guide on AI contract reviews.

How Can I Maximise the Benefits of Using Customer Testimonials, While Staying Compliant?

The good news is, if you follow the right legal steps, customer testimonials can be a fantastic asset to your marketing. Here’s how to use them for maximum impact:

• Ask for consent proactively: Make providing a testimonial (with clear opt-in choices) part of your sales or follow-up process.
• Keep your process consistent: Use standard consent and documentation for all testimonials so nothing falls through the cracks.
• Stay transparent with your audience: If a customer was given a freebie or incentive, say so. Customers appreciate honesty.
• Regularly review old testimonials: Check that they are still accurate, relevant, and you have up-to-date consent.
• Consider linking testimonials to your broader compliance and privacy strategy. Customers care about how their information is handled - and this can become part of your brand reputation.

If you’re looking for ready-to-use legal templates and privacy strategies, take a look at our Privacy Policy and GDPR packages.

Key Takeaways

• Using testimonials in marketing can powerfully build trust - but only if you follow the key legal rules in the UK.
• Always get explicit, informed consent from your customers before publishing any testimonial containing personal data.
• Never fake, distort, or unduly edit testimonials - and always disclose if an endorsement was paid or incentivised.
• Handle all customer testimonials in compliance with consumer protection law, ASA Codes, and UK GDPR requirements for privacy and data use.
• Use clear consent forms and update your Privacy Policy to keep your testimonial use legal and transparent.
• If you’re unsure about any compliance or process, get help from a legal expert early to avoid costly mistakes later.

---

If you need help with using customer testimonials in marketing, privacy documentation, or compliance with the latest marketing rules, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat. We’re here to help you stay compliant, confident, and focused on growing your business the right way.