GDPR for Designers
Privacy by Design
General Data Protection Regulation

The European regulation on data protection is having a notable impact on the design of websites, mobile applications, software and connected objects: pretty much everything that deals with users' data. All businesses offering services or products online are reviewing their data protection policies and are including the concept of privacy in the early stages of design, as GDPR is not limited to the European Union. It concerns all companies with access to digital data collected in the EU, even if these companies are physically located outside the EU. Across the world, all organizations will have to meet GDPR requirements if they wish to continue to collect, process and store personal data belonging to European citizens.
To understand the context, we must first understand data:

Any information relating to an identified or identifiable natural person such as name, online identifiers (such as an IP address) and location data.

Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Best practices for data collection:
1. Collect only data that is needed
Collect the minimum amount of data necessary to provide a service and avoid collecting data that is not needed in that context.

2. Be open about how data is used
Make it easy for people to understand what data is collected, how it is used, and what happens to it.

3. Data protection by default
The default controls and settings should be the most privacy-friendly ones, protecting users' data.

4. Explain automated decisions
Provide clear explanations about how automated decisions are made and make it easy for people to override those decisions.

As designers, we now have to be aware of how data flows into the system and how long it stays there, and we have to work in collaboration with legal and security teams. GDPR supports a better, more authentic user experience when “Privacy by Design” is adopted from the beginning.