Guidelines for GDPR Compliant User Stories

May 15, 2018

The GDPR enforces a number of rules and regulations that dictate how organizations should handle users’ personal information. We recently wrote a post about how to prepare for GDPR that provides a checklist that can help organizations be more compliant.

A key aspect of GDPR implementation is to understand what actually needs to be built. This article provides a list of user stories that can help product managers, designers, and developers design and implement GDPR compliant features into digital products and services.

Sample User Stories

Business Owners

As a Business Owner, I need to obtain clear consent from the consumer of my product or service so that I can keep a record of informed consent to process personal data.

As a Business Owner, I need to ensure that I obtain only the bare minimum information from users so that I can effectively deliver my services and follow compliance standards.

Consumers

As a Consumer of a product or service, I need to submit a request to rectify, erase or transfer personal data so that I can protect my personal identity.

As a Consumer of a product or service, I need to download all my personal information in a common format such as CSV so that I can retrieve all my personal information from the product or service.

As a Consumer of a product or service, I need to restrict how the product/service uses my personal information so that I can keep control over when and how my personal information is used.

As a Consumer of a product or service, I need to own the right to be forgotten by being able to permanently delete my personal information from the product or service so that I can protect my personal identity.

As a Consumer of a product or service, I need to view a clearly defined data policy in plain language so that I can understand why and how my personal information is processed, and by whom.

Families

As a Child under the age of 16, I need to obtain parental consent so that I can use a product or service.

As a Parent of a child under the age of 16, I need to formally consent to my child’s usage of a product or service so that I can protect my child from convoluted data policies.

Ensure Your Designs Are GDPR Compliant

Because GDPR limits how personal data is collected, stored, shared, and made available, it’s important to rethink how we craft user stories to ensure compliance. With hefty fines for non-compliance, the value of strategically designed user stories cannot be overstated.

As you think about how to design in light of these new rules and regulations, feel free to reach out to Fresh for guidance!
