6 Ways to dodge the GDPR with good UX
What has happened to our digital experience on the web? Between the annoying cookie consent popups and the updated privacy policies flooding my inbox, there are more barriers to the flow of information than…
[click here to accept expletive]
Think because your business is not located in the EU that you are exempt from the clutches of GDPR? Think again!
GDPR’s jurisdiction covers any platform or device that a European citizen may use and on which their data is tracked and stored, regardless of where that person is located.
Any data! Google analytics included. If there is an IP, email or any unique identifier attached to that data record, then you are responsible for letting users know what is being tracked and how it is being used. Otherwise, your company could be subject to a hefty fine to the tune of €20 million, or 4% of the worldwide annual revenue of the prior financial year (whichever is higher).
As responsible experience engineers and UX/UI designers, GDPR has as much to do with us as the legal, tech and CRM teams. We are the gatekeepers to whether or not a user feels confident enough to trust a company and its data collecting intentions. Users will judge their experience by the limiting factors of transparency and levels of complexity to assess their level of risk when engaging with a product. However, nobody wants to read a 3 page privacy policy document. That forces us to devise new design elements to deliver the proper information at the right time in a way that doesn’t overwhelm.
GDPR’s new legislation offers UX both a challenge and an opportunity:
- Our current digital products are probably not in compliance with GDPR. This opens the opportunity to perform a usability audit and propose new solutions to improve compliance rates.
- Website forms need to change. UI designers are challenged with pushing form structure to provide more information and more choice without being obtrusive to the overall experience.
- There will be a higher standard and expectation placed on the value exchange between content providers and content consumers, which could lead to content creation that better suits the users’ needs.
Here’s a quick checklist for UXers and Product Designers to use in order to ensure you are in compliance with GDPR rules and regs:
(N.B. I am not a lawyer and this is not legal advice)
Just remember the worst Johnny Mnemonic ever: I.F.D.O.T.S.
- Integrated Privacy Policy Linking — having a link in your footer to the Privacy Policy will no longer be enough. The link needs to be explicitly accessible from the point of data collection
- Forgettable — users have the right to be forgotten; this means they can ask to have all previously collected data deleted and withdraw their consent to any further collection of data
- Details — users must give consent to all data types being collected and consent to who has access to that data. This sometimes means letting users cherry pick what they want to share, and even risk them saying no to everything
- Opt-in — users must explicitly opt-in to having their data collected and used (past or present subscriptions); no pre-checked checkboxes or radio buttons
- Transparent — provide the name of every organization, your own and any third parties, who will have access to user data
- Separate the Ts & Cs — agreeing to the terms and conditions is different than giving consent to data tracking. These need to be treated as different elements when asking for consent from the user
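The checklist above describes a consent model as much as a form layout: every purpose starts opted out, each purpose names who receives the data, agreeing to the terms is a separate decision, and consent can be withdrawn later with a request to delete what was collected. The following is an added example, not code from the original article, showing that model as a small consent-record module a form handler could sit on top of. The purposes, organisation names and function names are constructed for the demonstration.

```javascript
// Added example (not from the original article): a minimal consent model that
// encodes the I.F.D.O.T.S. points in code. Purposes, recipient names and
// function names are assumptions constructed for this demo.

// Processing purposes the form offers. Each names who will receive the data
// (Transparent). Nothing here is granted by default (Opt-in).
const PURPOSES = {
  analytics: { recipients: ["Example Co (hypothetical)", "Analytics Vendor (hypothetical)"] },
  newsletter: { recipients: ["Example Co (hypothetical)"] },
};

// Initial form state: every consent box unchecked, T&Cs tracked separately.
function defaultFormState() {
  const consent = {};
  for (const purpose of Object.keys(PURPOSES)) consent[purpose] = false;
  return { termsAccepted: false, consent };
}

// Lint check a test suite can run against any form state: true if some
// consent purpose would render pre-checked.
function hasPreCheckedConsent(state) {
  return Object.values(state.consent).some((v) => v === true);
}

// A checkbox arrives as boolean true from a JS front end or as the string
// "on" from a plain HTML form post; anything else (undefined, "", "false")
// is treated as not granted. Assumption: no other encodings are in use.
function isChecked(value) {
  return value === true || value === "on";
}

// Build a consent record from what the user actually submitted.
// - rejects any purpose the form never offered (Details: consent per purpose)
// - a purpose the user did not tick stays false (Opt-in)
// - saying no to everything is a valid outcome
// - T&Cs acceptance is recorded separately from consent (Separate the Ts & Cs)
function recordConsent(submitted, now = new Date()) {
  const state = defaultFormState();
  for (const [purpose, value] of Object.entries(submitted.consent || {})) {
    if (!(purpose in PURPOSES)) throw new Error(`unknown purpose: ${purpose}`);
    state.consent[purpose] = isChecked(value);
  }
  state.termsAccepted = isChecked(submitted.termsAccepted);
  const purposes = {};
  for (const p of Object.keys(PURPOSES)) {
    purposes[p] = { granted: state.consent[p], recipients: PURPOSES[p].recipients };
  }
  return { recordedAt: now.toISOString(), termsAccepted: state.termsAccepted, purposes, withdrawn: false };
}

// Right to be forgotten (Forgettable): withdraw every purpose and flag the
// previously collected data for deletion. Returns a new record; the original
// is left untouched so an audit trail can keep it.
function withdrawConsent(record, now = new Date()) {
  const purposes = {};
  for (const [p, info] of Object.entries(record.purposes)) purposes[p] = { ...info, granted: false };
  return { ...record, purposes, withdrawn: true, withdrawnAt: now.toISOString(), deleteCollectedData: true };
}

// Which purposes may data be processed for right now? Used by the tracking
// code path before any event is sent to a recipient.
function allowedPurposes(record) {
  if (record.withdrawn) return [];
  return Object.entries(record.purposes).filter(([, v]) => v.granted).map(([p]) => p);
}

// Stand-alone demo of a user who accepts the terms and ticks only analytics.
const demo = recordConsent({ termsAccepted: true, consent: { analytics: "on" } });
console.log(allowedPurposes(demo));                 // ["analytics"]
console.log(allowedPurposes(withdrawConsent(demo))); // []
```

The point of keeping the record this explicit is that the tracking code consults `allowedPurposes` rather than a single "accepted" flag, so a user who declines everything, or who later withdraws, is handled by the same path as one who opts in, and the record itself documents who was named as a recipient at the moment consent was given.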
Remember, constraint makes for better design. GDPR requires us to create digital products as dynamic as the users we create them for.
Talk to your security team!
Talk to your legal team!
Get educated!
Make sure your clients are aware!
And start experimenting!
Resources:
https://www.gdpreu.org/compliance/fines-and-penalties/
The Ultimate GDPR Guide for Marketers and Businesses:
https://medium.com/@NabeenaM/the-ultimate-gdpr-guide-for-marketers-and-businesses-dd99599c4919
GDPR Checklist: