“To comply with GDPR, as of May 25th, I will no longer be remembering anybody’s name, face or personal details without their explicit consent
….phew, finally a viable excuse”
– Jessica; @ticky
This humorous tweet aptly summarizes the objective of the GDPR or General Data Protection Regulation, a legal framework specific to the European Union that was passed on March 25, 2018. The GDPR aims at protecting the privacy of internet users by regulating the way their personal information is obtained and processed.
It majorly affects the way businesses operate online and not just for companies based in the EU but also foreign companies that are doing business there. It makes sense that GDPR affects the legal and engineering departments but it equally affects digital marketing and User Experience too since they involve user data. In terms of UX,
it means 3 things:
The GDPR improves the state of these forms by making it legally binding for companies to make privacy notices more clear and accessible to the users so that they are fully aware of what they sign up for.
This means that the privacy notices must be:
GDPR defines consent as, “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Before the GDPR was passed, consent forms were taken with a pinch of salt but now, while drafting consent forms, companies are obliged to follow the following rules:
All in all, the biggest result of the GDPR is transparency. Users will have a clear picture of why their data is being collected, who is collecting it, how it will be used and how it will benefit them. Knowledge is power and with this power, users will be better equipped to differentiate between companies that are honest and transparent and those that aren’t.
When a first time user is registering with the company, they are bound to encounter a request for data.
It is important for companies to explain why they are being asked for this information and how it will be used. This can be done in the following ways:
1. ‘Just in time’ data collection explanations: ‘Just in time’ are relevant notices that show up during the time that data is being collected. These give users context on the data that is being collected, how it will be used and how consent can be withdrawn wherever applicable.
2. Labelling required and optional data: Clear labelling of the fields of data collection that are required and optional will help users understand the extent of privacy that is guaranteed to them.
3. Email marketing preferences: GDPR rules state that consent to email marketing cannot be assumed when users share email addresses. This means that users must be explained the benefits of opting in. They should also be given granular control over what emails they will be receiving by giving them options of the content and frequency.
Onboarding users is an excellent way to immerse them into the functionality of the app but it should simultaneously be used to inform them about data collection. This is how:
GDPR requires companies to take explicit in-app consent from users while accessing their data. This can be done in two ways:
With GDPR, it is now obligatory to give users total access to all the data that is collected from them. This means that users can now browse, change and delete the data that apps hold. Here’s what they are allowed to do:
In conclusion, although GDPR seems complex to understand, it all boils down to one thing – transparency. Companies should make the intention of data handling crystal clear and privacy controls should be made accessible and user friendly in the design and language. Becoming GDPR compliant means that companies must minimise the data that they collect and limit it to what they really require. Instead of looking at GDPR as a hassle, it should be used as a tool to build a trusting relationship with customers!