Europe’s new General Data Protection Regulation places web designers in a crucial role to implement the new privacy standard.
Most web designers do not work directly with user data collected from a website or digital property. The GDPR was created to clearly define European Union web users’ privacy and data rights, but its effects will be felt around our connected world. Through the implementation of this law, privacy has become a fundamental web design principle quite literally overnight. Though businesses in Canada and the United States are not yet expressly required to implement changes in how they handle user data, any North American company that interacts with or provides a connected service to European citizens is required to update its privacy policy and privacy measures to ensure compliance.
An Overview of the GDPR
The General Data Protection Regulation focuses on six main topics to outline and protect data rights and privacy for citizens of the European Union. I’ll discuss these below. However, there are a few essential elements I think it pertinent to cover first to ensure you have a clear understanding of the terminology used in the GDPR.
Right to Notification
Web users who can be classified as citizens of the European Union now hold the right to be notified in writing by a company if it has been hacked and if the security threat exposed their personal user data. Web users also have the right to access any private data a company has compiled on them and be informed how the company has used or is using this personal data. Additionally, users in the European Union now also have the right to be forgotten. This means that users may request that a company permanently delete all of their personal user data from its systems.
Data Portability
Under the GDPR, companies must now allow users to download their data from their website or digital platform in a machine-readable or digital format, such as a CSV file. The downloaded data can then be shared with another company should the user choose to do so.
It is essential to understand the difference between the right to access your personal data and the right to data portability as they are very similar, but there is a crucial difference. The right to access data just means that a company must provide all of the data that it has stored on a specific user and clearly outline what the data has been used for, how long it will be stored on the company’s servers and how the company obtained it. Under the right to access data, the company only has to provide users with the data that the user themselves submitted to the company.
Privacy by Design
The GDPR has given birth to a new design concept simply referred to as privacy by design. The design principle states that any digital product collecting or using private data must implement strict privacy measures as part of the website design and development process.
These concepts are not entirely new, but the GDPR has brought them to the forefront of the global web design industry and given each the power and emphasis to now play a key role in how web designers create and maintain websites.
Web Designers Are Responsible for Data Security
As GDPR comes into effect, website designers are required to take on a more active role in understanding and implementing data security and privacy within their website designs, and more specifically database design. Designers will now be held accountable for understanding what the database looks like and also what information will be entered into and stored in the database.
As far as accountability and understanding go within our Toronto web design company, every team member involved with a web design project has intimate knowledge of the design, function and goals for all aspects of a project. Our creative team’s focus has always been in favour of complete comprehension of a web project to create an interface design that is accessible, understandable and usable.
The Website Design Process Must Include a Plan for Data Privacy
Many web design companies have seen GDPR coming since it first entered the global web design conversation in 2016. As businesses scramble to meet and adhere to the new privacy laws, design firms that have not yet modified their standard web design process to include a plan for data privacy are struggling to keep up with the requests.
With GDPR in view, web design and development teams around the world will no longer be able to plead ignorance or dodge the responsibility for the data that is collected and shared using their website and digital application designs.
As professional design agencies join the fold, it’s a safe bet that the average cost of website design and development will experience growth as companies come to realise the added work involved in tightening up data security within their products.
GDPR Will Drive Better Website Design
Our Toronto website designers have fully embraced the implementation of GDPR for two simple reasons. Privacy and data security are essential values to our firm, and GDPR adherence will ultimately drive better design in our opinion.
A crucial part of our website design strategy is wireframing. During the wireframing stage, our creative and development teams work together to create a set of blueprints for a new website that allows our clients to experience our website design strategy in a visual sense as well as understand content strategy and user experience. During wireframing, an essential element of GDPR compliance takes centre stage. We ask ourselves and our clients: what data should this website collect, and how should it be stored? Our philosophy on this fundamental question is simple. Don’t collect any data that does not offer a definite improvement in user experience.
Our web designers and developers focus on these core functional and user experience related questions early on in the website design process to allow time for careful thought, conversation and planning. For example, we may start the discussion with simple questions such as:
- If we pull personal data from an API in use, do we actually need to fill all of the fields proposed by the client, or can we narrow the use of data down to only rely on data required to use this particular part of the website?
- If we’re planning on using geo-location services, for example with a store locator, do we really need to use the users’ location to start the search? If so, what risks might be associated with obtaining this data?
The underlying strategy at this stage in the conversation is to understand what data offers improvements to personalisation, and what data increases anticipation. When all parties understand these elements, it’s easy to focus on the user experience and privacy as a whole.
This simple question often ignites an in-depth debate within our clients’ organisations as we’ve all been conditioned as marketers to collect as much data as possible to learn more about our leads. The trouble is, a very high percentage of businesses that collect data on website visitors and application users don’t know what to do with the data or how to securely store this information.
GDPR will literally scare these businesses into submission by hanging the 4% annual income penalty over their heads. The tactic may be primary and brutal, but privacy is a serious matter and those that endeavour to collect personal information on us need to be held accountable.
GDPR Could Potentially Solve A Common Design Problem
GDPR puts forth a measurable user experience design challenge. Web designers are tasked with creating user interface designs that navigate privacy more clearly than what we’ve all become accustomed to. Many websites and applications in use today bury their privacy settings so deep within their platform that most people can’t find them without instruction or even realise they’re available to begin with. For those of us lucky enough to find the privacy settings, we then face another hurdle in understanding what the privacy policy actually means in plain language.
As the design community continues moving forward under GDPR, privacy will become more accessible for all users and companies will be obligated to present this information in a format that all users can easily understand. The time of giving a company umbrella consent to collect and use our personal data will most likely come to a very sudden ending.
Many companies make use of cookies to store user data to offer a specific experience on their website. Under GDPR, we expect to see more companies employ a service-by-service approach to storing information in browser cookies that are specific to using one service over another rather than storing unnecessary data that may not be relevant to the user experience.
The Culture of Web Design Must Also Change
GDPR is a positive change for website designers and web users alike, but the law is likely not enough on its own to drive the necessary change. Overarching design culture must change and help lead the progression to a more accessible, secure and privacy-focused way of collecting and maintaining user data. Web designers are in the unique position at the forefront to drive this change through knowledge and the evolution of their website design process.
About Parachute Design
Since 2003 Parachute Design has been a leading Toronto web design company. To discuss our approach to website design and learn more about our trusted six step web design process, please give us a call at 416-901-8633.