Designing for GDPR in a customer-first way

Amy Wilson
Jun 1, 2018 · 4 min read

A look at how the reconsent process — mandated through GDPR — has been designed and iterated with the customer in mind, while encouraging people to reconsent in a way that’s fair and open.

If you’re reading this, you probably already know that GDPR (General Data Protection Regulation) is now in force. As a Product Manager at ASOS, that means making sure our site and app can capture explicit and informed consent from customers, so they can keep receiving comms from us.

That might sound like a tick-box exercise (excuse the pun), but not for ASOS. We’re obsessed with being customer-first, and our approach to this is no exception. We say: GDPR is the rocket we need. It’s an opportunity for us to:

  • Give customers more choice about the type of content they want and how they want to receive it
  • Improve customer relationships with a more tailored comms experience
  • Be even more transparent with our customers

With these opportunities in mind, this is how we designed and iterated the journeys that ask our customers what (if anything!) they want to hear from us.

First, our Brand team unbundled all the things they’d been contacting customers about into four categories: Discounts and Sales, Your Exclusives, New In, and Partners. Meanwhile, Product, UX and UI started designing the functionality. We based these on customer research, with a plan to iterate quickly with improvements to the journeys as we saw how they measured up in real life.

Our UX designer Anna tried different approaches to asking customers for their consent. We found that a banner could blend into the background and be easily ignored, but a pop-up risked an immediate tap of the ‘X’ button, almost like an involuntary reflex. Anna recommended timed calls-to-action on the page the customer lands on, and a simple email journey. And most importantly, making it easy to opt in, opt out or choose a sub-set of options.

With a general idea about how the journeys would work, we created a standalone web page to direct a representative 1% of our user base to, via email. It was very much an MVP, but customers could still choose their preferences and have them recorded, and the Brand team could test out messaging. They tried 18 different messages in various combinations and two versions of the reconsent page. And everyone working on the project placed bets on what the winning wording would be!

We took our learnings, and went out with the following journeys…

On-site & app notifications
When a customer who needed to reconsent landed on the site/app, a bubble told them they needed to update their preferences. If they clicked, a modal played back their current choices with three simple options: keep, edit and stop.

If the customer didn’t feel like starting the journey, they could dismiss it. But the little red dot remained on the My Account logo, and as an icon on the app badge itself.

Emails
We wanted to make it as quick and easy as possible for customers to make their choice, so all the functionality of the on-site/in-app journeys were embedded in the emails.

On-site and off-site marketing
But what if we didn’t know whether the customer needed to reconsent, because they weren’t signed in or were just browsing through our Instagram? The Brand team would make awesome content telling customers the law is changing, linking them to a page that works for any customer — whether they had an account or not.

So how did we do?

We analysed data on customer reactions to the journeys and quickly found where we needed to focus our efforts. Our customers weren’t really opting out, or starting the journey and then dropping off. Our biggest barrier was our customers ignoring the notifications.

We don’t ever want to be too interruptive — for example, we wouldn’t want to stop a customer who’s in the middle of checking out. But it was clear we hadn’t found the balance between attention-grabbing and annoying… it was time for a test.

The variants
With a design refresh complete with more urgent messaging, we tested four different versions of the app journey.

The variants used in the test, from least to most interruptive

The results

We saw varied results across our different platforms, finding that more interruptive is only better some of the time! For that reason, iOS, Android and Web each have their own optimum version of the journey, so all the variants are getting their turn in their own way.

The GDPR deadline has now arrived, so here’s hoping we’ve finally found the perfect balance.

Amy Wilson, a Product Manager at ASOS. When I’m not organising my entire work and personal life into Trello boards, I’m listening to hours of comedy podcasts or playing Bananagrams. With thanks to Charmaine Aksakal who I took the reins from in October, and Sigourney Abina-Davis for her beautiful UI.

The ASOS Tech Blog

A collective effort from ASOS's Tech Team, driven and directed by our writers. Learn about our engineering, our culture, and anything else that's on our mind.

Amy Wilson

Written by

Product Manager at Google

The ASOS Tech Blog

A collective effort from ASOS's Tech Team, driven and directed by our writers. Learn about our engineering, our culture, and anything else that's on our mind.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade