What does GDPR mean for you?


#1

I have spent the last ~6 months working with my team (and our users) to ensure that our software (this software) allows users to be GDPR compliant. It has been arduous to say the least.

We (obviously) retain PII in the form of email and IP address so we’ve had to allow people to anonymise or delete their accounts (via an admin). I can’t wait to see the back of it.

Have you guys been hit by the paranoia?


#2

Massive push in our team to get GDPR sorted by the deadline. Deleting user information has been the biggest battle. From a UI standpoint we’ve had to shove it in people’s face all over the interface - not the best looking thing to work with but at least all the users know what we do with their information.


#3

It’s been dead silent here about GDPR. It may depend on your industry and how you do business, but as we serve only US residents, we don’t have any concern or exposure.


#4

That makes sense - I was under the impression that GDPR was concerned with data protection for Europeans. We’ve been receiving emails left right and centre from companies trying to cover themselves with the new legislation.


#5

Definitely, although any American companies that do business with European clients need to make sure they’re adhering to it as well. We’re lucky in that due to the nature of our work we limit ourselves strictly to clients in the US.


#6

Lots of administrative work, documentation etc.
In the preparation it feels like it serves more the administration than the customers.
The question will be how public authorities are sanctioning it in practice.
But in general - from the point of view of a customer - I welcome the increased level of data protection.


#7

Hi guys! I’m a Content Researcher and Developer, but I’m also studying design (sort of like moonlighting :slight_smile: ), so I’m really glad I found UX Mastery to support my learning path! As for the GDPR… Have you noticed that even the most reputable publications are bending the rules a bit? I suppose designers are just doing what they are told by the management, but here’s what I’ve noticed.

Many publications are only seemingly asking users for consent while in fact they are misusing UX design in order to push users towards giving permission for data collecting.

Most evident example? Notification about cookies. You will frequently encounter a pop up that takes up to 50% of your screen, without the [ × ] button. You can’t shut it down, it stays right there at the bottom as you scroll, which is very annoying. So, you click “accept” just to get rid of it.

It’s like they are giving users a silent ultimatum: either share your personal data or suffer through an awful experience while interacting with website content.

Not quite sure this was the thing the EU had in mind when trying to give users back their rightful control of their personal data… What do you think?

Other types of media deserve a slow clap and one sarcastic “bravo, you schmucks” for their way of handling data privacy: they decided to comply with the new regulation simply by cutting off EU citizens, i.e. blocking EU users from their websites. I have read about the consequences of this approach here, if you are interested in the full analysis.

The GDPR is supposed to restore digital trust, but could it also cause a division in cyberspace? People are being discriminated solely because of their location. That don’t seem right to me…


#8

Strangely enough, I worked at a University designing their website in the early 00´s and they were paranoid then about the legal ramifications of accessibility because of changes in the law back then. The current push for GDPR reminds very much of that time. It was a nightmare then and I´m sure it´s a nightmare now but once you fully adopt the whole accessibility mindset, this sort of thing becomes second nature. Opt ins, cookies, Data storage issues, notifications, it all seems familiar. I am a bit surprised how little the strategy for dealing with personal data hasn´t changed in nearly 20 years.


#9

Exactly, such a delay since the previous Data Protection Directive in 1995, and a lot has changed, especially in means of sophisticated ways of collecting and utilizing data. I’m just surprised to see how openly businesses “abuse” UX to have it their way and get what they want - user consent.


#10

I do hate those non-dismissible notices too, but I don’t actually think that the cookie law is actually related to GDPR.


#11

@HAWK Yes, cookies have to be GDRP-compliant. Some of them don’t have identifiers and those are not an issue in this context; but others (which are a majority) utilize data about user browsing history and online behaviour so to craft highly targetable and relevant ads for them :slight_smile:
You can read more about this here: https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies


#12

I started seeing those notices well before GDPR. Was that because those notices were the easiest changes to make?


#13

Honestly, it doesn’t truly impact my day-to-day life, aside from having to dismiss those notifications about new security regulations when you enter a site. It does however impact the business between larger corporations. For example, before the law went into effect my company published an article to let their clients know that they will be complying with the new regulations.

Bottom line- I think it impacts large corporations rather than the individual.


#14

No. The IE cookie law came into effect years ago, which is what I was meaning in my post. The cookie reference in @mia_comic’s post isn’t actually related to those notices, which is why I’m a bit confused around the context here. How the data collected via cookies is handled relates to GDPR, but not the use of cookies themselves. At least that’s my understanding.


#15

@Piper_Wilson @HAWK Yes, businesses had to display the notice about collecting cookies well before the GDPR (that is the due to the cookie law Sarah mentiones), but what’s changed under the GDPR is that they have to be very transparent about the exact reasons they are collecting data and the way they will use it, and ask for user consent explicitly. For instance, in the past, it was enough to say “we are collecting cookies” and then leave an “okay” button for users to click. Now, businesses are obliged to notify users about the way this data is being used (usually under the cookie policy) and make it crystal clear for users what they are giving consent to. What I mention in my post is directly connected to these changes (i.e. changes the GDPR brings to ways of collecting data - cookies included) and how UX is now being misused to push people to give consent. Maybe this technique has been used before the GDPR as well, but I have noticed a lot of publications practicing it now. I can even make a list if you want :slight_smile:


#16

I think it is not a paranoia - this law throw a lot of spams out and helps to protect our data. Many people forget that a lot of rules were before and in my opinion GDPR changes less than many people think.