Redesigning for GDPR

I wrote a few months ago about the new data protection laws coming in. We have been working with our Data Protection team to design these changes to the applications and forms on our website.

Interpreting new laws is difficult. No-one has been assessed yet by the governing body; the Information Commissioner’s Office (ICO). Our Data Protection team are understandably cautious, as although the ICO is keen to stress that this is not all about fining companies for breaches, we need to be careful so that we don’t risk public money.  They felt that we had to make all of the information visible to the customer on the page before they agree to continue rather than use a button where you “click here to learn more” if you choose.

Our first designs were simple but long. They met the requirements but  did not improve customer experience. For example, if you report fly tipping in your street and provide contact details to know when it is cleared, do you really want loads of writing to appear before you can hit “submit”? Would you even read it?

GDPR cityclean

Luckily, while we were talking about this with the Data Protection team, Google started to roll out their own designs. They did use “learn more” buttons so we all felt reassured and have adapted our designs to suit. Here is an example of the new design in progress:

gdpr mut exc

This is a big step forward achieved by good co-working across the organisation.

Once we have a couple of versions better designed by our UX and Digital Content team and agreed by our Data Protection team, we’ll be testing them with residents.

GDPR – designing to empower citizens

General Data Protection Regulation (GDPR) ensures that we will know what, why and how information about each of us is being stored, and gives us the right to restrict or revoke access to it.

Those of us working in local government have significant challenges as to how we make this work for residents on the forms and applications that they complete. It’s no small task to design data storage, indexes and platforms to deliver these customer rights.

At Digital First we are working with our Information Governance team to match the requirements of the law with the needs of the customer. There are some great discussions going on in the wider pattern design community about how we embrace this opportunity to totally rethink how we present these rights to customers.

The “cookies” acceptance is a useful example to think about. This was also made to empower users. It became “the norm” – but it became an irritating norm. If we really want to empower users with these new rights, we need to present them in a useful way, rather than making them a stumbling block.

A good example for us, and one I am working on, is when a customer comes to book a Pest Control service online. If they are met with a wall of information about what the council is going to do with their data, before even filling in their name, will that make them feel empowered or scared? How do we comply with the level of information we must give without confusing them? We need to make sure that they know what they are are agreeing to, or it’s likely that they will decide to phone instead.

There is an understandable desire to err on the side of legal caution, but how do we make this work for everyone?

As we are all facing this, we would love to share ideas and designs with others. We want to co-design and create some new data design patterns that really do empower the citizen. It would be good to hear from other councils working on this, and any developers and designers keen to share ideas, design patterns or user testing results.

Contact us via the comments, or you can email me at annie.heath@brighton-hove.gov.uk