GDPR & User Experience
David Tyler
IT Ops, eCommerce & Customer Experience | Sales & Product Strategy | UX Research | CX Design Leadership
3 Things UX Professionals need to know now.
The dust has settled. The privacy policy update emails have slowed down. The General Data Protection Regulation (GDPR) has been put into place and it may or may not have freaked a lot of folks out.
What's the deal with GDPR anyway?
The EU put regulations on how companies can utilize EU resident data. The regulations have been in place for a while, but have been enforced since May 25, 2018. The whole thing basically says that a user must give explicit consent for how their data is used, and they should be able to easily opt in to and out of what is used. It should be clear what the data is used for, and policies shouldn't be combined with "user agreements" and all those big text boxes that everyone agrees to without reading.
But this is a European thing (and I live in the US)... why should I care?
The interwebs are interesting... they knock down geographic walls... basically, if an EU resident can get to your website, you need to be GDPR compliant.
Top 3 things user experience (UX) professionals need to know.
- No more pre-checked consent boxes. What was once a simple way to make an easier user experience is no longer an option. Users need to explicitly click on that check box to offer information consent. Note: This is separate from a terms and conditions link or check box.
- There must be an explicit explanation of what user data is used for. "We use your data to provide you with a great web experience" is no longer going to cut it. GDPR requires specifics for users opting in. It also might mean multiple check boxes for consent: "We use your Name for xyz", "We use your shopping history for abc", etc.
- Let them out. This is fairly straightforward from a UX perspective. Give users a way to easily say "I'M OUT" and have their data expunged and no longer collected. From a systems perspective, you need to make sure that the functionality exists to allow users to do this. If it doesn't, then you should have a new development priority.
When in doubt - be explicit. It should also be noted that if you use 3rd party vendors for technical solutions, you are responsible for their compliance on your site. Do your homework and know the tools you are working with.
All thoughts are my own.
This is not legal advice.
GDPR Information can be found in-depth on the data protection rules site.