GDPR is a great chance to improve the experience of your digital products and services.
Companies need to take data security and transparency seriously ahead of the GDPR regulation in the UK on May 25, 2018. But instead of just mitigating risks such as potentially large penalties for non-compliance, companies should see this as an opportunity to make their digital services better and easier to use.
Designing for trust: privacy and transparency
Privacy and transparency are no longer something that can be thought of at the end of a product lifecycle. They need to be brought into the beginning of the product roadmap, with all features and value propositions being validated against trustworthiness and respect for privacy before any technical work begins.
There are a few ideas that your product teams should be thinking about:
Are you using honest design and labelling to elicit data?
Now is the time to do away with the unscrupulous methods of gathering data from users. These are gathered loosely under the term ‘dark patterns’. Many services have used such features to needle users into decisions or conversion steps that they did not intend. Users are becoming acutely aware of such underhanded practices.
Are you offering clear ways for users to manage their data?
- Can users retrieve their data and keep it without submitting a request? (GDPR states one month maximum for data recall)
- Can they see the different types of data you have on them? Can they see why you have collected this?
- Can users discover their data easily, showing a record of all their activity?
- Is there an easy way to carry the data they have created to another service?
- Are users able to take back consent at a later date?
Are you explaining how their data is used?
This does not need to be laborious but can say what part of what data you gathered and what it is being used for. If you outline the benefits, people will be more likely to take part. This is going to become increasingly important as more and more companies rely on machine learning techniques for recommendation engines or predictive modelling. If you can understand how much data is worth to your users, they can offer even more value in return for it. By making the collection and usage transparent, you can build trust early on for your brand.
You can use natural language generation to quickly read out what you have done.
For example, how we are using your shopping list data:
In your previous order, we used the fact that you [regularly order] [eggs] to suggest that you might want to order [flour] as it is [pancake day] [soon].
Have you created a clear communication plan for breaches?
From a user point of view, this means you need to notify anyone affected as soon as possible. As Danny Meyer says, admit what has happened as soon as possible, own the problem and suggest a solution. The quicker and clearer you do this, the more respect you will get from users and the less chance of bad publicity.
Have you revisited your data ethics policy?
A decade ago, big data and ethics was a very new thing. Since then, with leaks, hacks, government surveillance and mass breaches of our information, consumers are much more aware of their personal privacy. Just as with environmental policies and green initiatives, individuals are deciding which companies they should share their data with based on their Data Ethics. Companies who have an individual responsible for ensuring their ethical policies address the changing needs of their market will likely come out ahead.
Clearer product goals
We believe the most important effect of GDPR will be improving the experiences of users of digital products.
The mindset of honesty will ideally result in clearer thinking towards meeting product sales, acquisition and retention goals. If GDPR is going to make elicit data collection harder, digital products will need to work harder to be clearer and better to use than their competitors.
This can only be good for everyone.
GDPR is one of many challenges facing data-rich companies. If you want to talk about this, then do get in touch.