Guidelines for GDPR Compliant User Stories
The General Data Protection Regulation (GDPR) sets out rules that dictate how organizations must handle users’ personal data. We recently wrote a post about how to prepare for GDPR; it provides a checklist that can help organizations become more compliant.
A key aspect of implementing GDPR is understanding what actually needs to be built. This article provides a list of user stories that can help product managers, designers, and developers design and implement GDPR-compliant features in digital products and services.
Business Owners
As a Business Owner, I need to obtain clear, affirmative consent from the consumer of my product or service so that I can keep a record of informed consent to process personal data.
As a Business Owner, I need to collect only the personal data required to deliver my product or service so that I follow the data minimisation principle while still delivering my service effectively.
Consumers
As a Consumer of a product or service, I need to submit a request to rectify, erase or transfer my personal data so that I can protect my personal identity.
As a Consumer of a product or service, I need to download all my personal information in a structured, commonly used and machine-readable format such as CSV or JSON so that I can take all my personal information with me to another product or service.
As a Consumer of a product or service, I need to restrict or object to how the product/service uses my personal information so that I keep control over when and how my personal information is used.
As a Consumer of a product or service, I need to exercise the right to be forgotten by permanently deleting my personal information from the product or service so that I can protect my personal identity.
As a Consumer of a product or service, I need to view a clearly written privacy policy in plain language so that I can understand why, how and by whom my personal information is processed.
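The Consumer stories above describe four requests a product has to honour: rectification, portability (export), restriction of processing, and erasure. The following is an added example, not code from the original article or from Fresh, showing one minimal way a developer might back those stories. The in-memory dict, the field names, the audit table and the list of purposes that survive a restriction are all assumptions for illustration.

```python
"""Added example (not from the original article): a minimal data-subject
request handler covering rectification, export (portability), restriction
and erasure. Storage is an in-memory dict standing in for a database; all
record shapes, field names and purpose labels are assumptions."""
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample store: personal data keyed by a pseudonymous user id.
USERS = {
    "u-1001": {
        "email": "alice@example.com",
        "name": "Alice Example",
        "addresses": [{"city": "Seattle", "postcode": "98101"}],
        "marketing_opt_in": True,
    },
}
RESTRICTED = set()   # assumed: user ids whose processing is restricted
AUDIT_LOG = []       # assumed: append-only evidence that requests were honoured


def _audit(user_id, action, detail=""):
    """Record that a request was handled; holds the id only, no other data."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id, "action": action, "detail": detail,
    })


def rectify_personal_data(user_id, field, new_value):
    """Rectification: only fields the record already holds may be corrected,
    so a request cannot smuggle new attributes into the profile."""
    record = USERS.get(user_id)
    if record is None or field not in record:
        return False
    record[field] = new_value
    _audit(user_id, "rectify", field)
    return True


def export_personal_data(user_id):
    """Portability: return everything held about the subject as CSV text.
    Nested values are JSON-encoded so the file stays one flat table."""
    record = USERS.get(user_id)
    if record is None:
        raise KeyError(user_id)
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["field", "value"])
    for field, value in sorted(record.items()):
        cell = value if isinstance(value, str) else json.dumps(value)
        writer.writerow([field, cell])
    _audit(user_id, "export")
    return buf.getvalue()


def restrict_processing(user_id):
    """Restriction: keep the data but stop using it for anything beyond
    storage or legal claims until the subject lifts the restriction."""
    if user_id not in USERS:
        raise KeyError(user_id)
    RESTRICTED.add(user_id)
    _audit(user_id, "restrict")


def may_process(user_id, purpose):
    """Gate every non-storage use of personal data on the restriction flag.
    Call this before each processing step rather than once at login."""
    if user_id not in USERS:
        return False
    if user_id in RESTRICTED:
        return purpose in ("storage", "legal_claims")   # assumed allow-list
    return True


def erase_personal_data(user_id):
    """Erasure: delete the record and its flags; only the audit entry
    (pseudonymous id plus action) remains to prove the request was met."""
    if USERS.pop(user_id, None) is None:
        return False
    RESTRICTED.discard(user_id)
    _audit(user_id, "erase")
    return True
```

The check in may_process is the part most often missed: a restriction flag that is stored but never consulted by the marketing or analytics jobs does not satisfy the restriction story. In a real system the audit entries and the erasure would also have to reach backups, caches and any processors the data was shared with.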
Families
As a Child under the age of 16, I need a parent or guardian to consent on my behalf so that I can use a product or service that processes my personal data.
As a Parent of a child under the age of 16, I need to formally consent to my child’s use of a product or service so that I can protect my child from convoluted data policies. (GDPR sets 16 as the default age of digital consent, but member states may lower it to no less than 13, so the threshold should be configurable per market.)
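The Business Owner story about keeping a record of informed consent and the two Families stories about parental consent need the same underlying thing: an append-only ledger that says who consented to what, when, and against which version of the privacy policy. The following is an added example, not code from the original article or from Fresh, of such a ledger. The purpose labels, the policy version string, the age threshold and the guardian id are assumptions for illustration.

```python
"""Added example (not from the original article): an append-only consent
ledger. Consent counts as valid for a purpose only if the newest entry for
that purpose was granted, has not been withdrawn since, and refers to the
privacy policy version currently in force. Names, purposes and the age
threshold are assumptions for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

CURRENT_POLICY_VERSION = "2018-05"  # assumed: bumped whenever the notice changes
DIGITAL_CONSENT_AGE = 16            # GDPR default; member states may set 13-16


@dataclass(frozen=True)
class ConsentEvent:
    user_id: str
    purpose: str          # e.g. "marketing_email", "analytics" (assumed labels)
    granted: bool         # False records a withdrawal
    policy_version: str   # the notice the subject actually saw
    recorded_at: str
    given_by: str         # the user, or a parent/guardian id for a child


@dataclass
class ConsentLedger:
    events: list = field(default_factory=list)  # append-only, never edited

    def record(self, user_id, purpose, granted, *, age, guardian_id=None,
               policy_version=CURRENT_POLICY_VERSION):
        """Append a consent decision. A child below the threshold can only
        be consented for by a guardian, who is recorded as the consenting
        party so the evidence shows whose consent it actually was."""
        if age < DIGITAL_CONSENT_AGE:
            if guardian_id is None:
                raise PermissionError("parental consent required")
            given_by = guardian_id
        else:
            given_by = user_id
        ev = ConsentEvent(user_id, purpose, granted, policy_version,
                          datetime.now(timezone.utc).isoformat(), given_by)
        self.events.append(ev)
        return ev

    def latest(self, user_id, purpose) -> Optional[ConsentEvent]:
        """Most recent decision for this user and purpose, if any."""
        for ev in reversed(self.events):
            if ev.user_id == user_id and ev.purpose == purpose:
                return ev
        return None

    def has_valid_consent(self, user_id, purpose):
        """Consent is a lawful basis only if it was granted, not withdrawn,
        and given against the policy version now in force; a policy change
        invalidates old consent and forces the product to ask again."""
        ev = self.latest(user_id, purpose)
        return (ev is not None and ev.granted
                and ev.policy_version == CURRENT_POLICY_VERSION)

    def evidence(self, user_id, purpose):
        """Full history for one purpose: what an auditor or the subject
        would be shown on request."""
        return [ev for ev in self.events
                if ev.user_id == user_id and ev.purpose == purpose]
```

Two design choices matter here: withdrawals are appended rather than deleting the grant, so the record of what the user agreed to and when is never lost, and the policy version is stored on every event, so a silent change to the privacy notice cannot be passed off as already consented to.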
Ensure Your Designs Are GDPR Compliant
Because GDPR limits how personal data is collected, stored, shared, and made available, it is important to rethink how we craft user stories to ensure compliance. With hefty fines for non-compliance, the value of strategically designed user stories cannot be overstated.
As you think about how to design in light of these new rules and regulations, feel free to reach out to Fresh for guidance!