What is GDPR?
GDPR stands for General Data Protection Regulation. The regulation will get enforced from May 25th, 2018 and it will be mandatory for apps and website to be GDPR compliance ready. This law will give EU citizens more control over their personal information collected and handled by the companies.
GDPR applies to any organization that holds information of even a single resident from European Union (EU), regardless of the location of the company. Many organizations outside the European Union are unaware that the EU GDPR regulation applies to them as well.
If a company provides services or offer goods to EU residents, then the digital assets like website and apps must meet the GDPR compliance. Here is the complete list of company’s digital products that require GDPR compliance.
10 UX changes to make an app GDPR compliant
GDPR on apps/websites will have a significant impact on how the users are going to interact and provide information.
Here are the ten critical UI changes to interact with the users. To get a complete GDPR audit report, get in touch with experts from LeewayHertz.
1. Don’t merge the consents together
Correct way of making app login GDPR Compliant
Non-GDPR compliant signup process
2. Explain reason to the users
While collecting personal information from the users on the app like email, phone number, or the address, inform the basis for data collection. Increase transparency and let them know the specific reason for any field collection. Here is an excellent way to show information to the users.
3. Subscription Management
After the customers give consent to communicate, they should be given controls to manage various subscriptions and communication channels. All options should be set to ‘off’ by default. Users should be asked where they want to receive communications like phone, email or both.
4. Ask Access Duration
A user can set a time limit for the companies to track or access their information like location, contact list, photo gallery or messages.
Once the approved time is over, the data should then be deleted or archived.
5. Allow the user to edit information
Users should be allowed to modify the data without notice to the organization.
6. Allow users to view data
A user should be able to see and download the data shared with the organization. Ideally, the information should be emailed on request.
7. Allow users to delete data
Users should have the option to remove all or any data from the database for any time range. For example on a hotel booking app, a user should be able to delete his booking history, browsing or search history, location data or more by selecting a date range.
8. Allow users to delete an account
9. Information changes in data usage policy
All platform users should be informed about any changes in the data usage policy. Find a way to show the notification to the users and take consent.
10. Secure the user data
User data security should be the utmost priority. Companies can be fined up to 2% of their yearly revenue in case there is a data breach. Follow these steps to secure the sensitive data:
Send data to the third-party applications through HTTPS.
Store encrypted data on the local server.
Follow best practices in cloud security no root access, whitelisted ssh IPs,12-factor apps, strong passwords, team password management tools, workplace security, firewalls to reduce attack surface, clean desk policies, etc.)
Who can help me?
The points stated above are few examples of how companies can modify their apps. Executing changes to make an app GDPR compliance ready will need significant modifications in the interface design, user experience, and user permissions. To get a detailed and custom GDPR audit report, contact consultants or an agency that has experience working with other companies.
To fully comply with the law, the following teams need to work together:
Usability and interface designers
Talk to us to discuss your project requirement.