“Data is the new oil” is a phrase attributed to Clive Humby, a data science innovator in the UK who coined the term in 2006. Since then, the concept has been adopted by both business and economics communities, even making it to the cover story of a May 2017 issue of the Economist: “The world’s most valuable resource is no longer oil, but data.” As we become a more connected society, thanks in part to the internet, our individual data footprints are also growing. Rules and regulations around data privacy, however, have been loose, to say the least. That is until earlier this year when the General Data Protection Regulation (GDPR) was passed, a significant step forward for data privacy.
Over the last few years alone, we’ve seen a number of high-profile data breach stories: Facebook exposing the accounts of 50 million users; the Equifax data breach that may have affected 143 million in the U.S.; and one of the most significant breaches yet, the Yahoo data breach that is said to have affected 3 billion customers. These stories illustrate that data privacy is a major issue as tech companies go from startup to growing up in front of our eyes.
As online security and user experience simultaneously become two of the most important topics for modern companies, GDPR compliance by companies is a must. There is an art to creating a high-quality user experience while also adhering to this new regulation, and it begins with design thinking.
What is design thinking?
According to the Interaction Design Foundation, “Design thinking is an iterative process in which we seek to understand the user, challenge assumptions, and redefine problems in an attempt to identify alternative strategies and solutions that might not be instantly apparent with our initial level of understanding.”
Ashley Graham, a design researcher at a Fortune 500 tech company, explains the process as she approaches it in her job as a user experience (UX) designer:
“Design thinking is a practice that helps us move through a design process. It’s user-centered, and it’s a way to frame your strategy, your design, and your development around that user. Design thinking is also a way of democratizing decision making, so it helps us to bring more diverse ideas to the table. In a traditional meeting only a few people are talking – those with the most power – but in using design thinking we’re not speaking, we’re writing on Post-its and putting our ideas on a wall. We’re releasing them. They aren’t our ideas, we don’t own them, so it helps teams to think less about who said an idea; the idea is for the end user.”
While the two concepts might seem unrelated, data privacy and design thinking both require a customer-first approach. “I think the mindset around both is really similar,” notes Graham, who adds a few important questions that she believes companies working with data should be asking themselves: “How do we provide value to this person in a way that is good for them and not just good for our company? How do we only take the information that we need from them to serve them and help them to solve a need? And how do we let the rest of the data go?”
5 Best Practices
Being on the front line of user experience, IT and engineering teams can create the infrastructure necessary to ensure that companies are meeting their court-mandated and ethical responsibilities. Here are five best practices that engineers, designers, and every company working with data should keep in mind.
1. Only ask for the information that you need
Based on her experience, Graham notes that there is a temptation to ask for all the information that you could ever want. However, GDPR tells us no: only take the information that you need to create a quality experience for the user.
2. Make sure that the user knows what they are consenting to
Some companies exist solely for the purpose of collecting and selling personal data. Therefore, it’s more important now than ever before to be transparent with consumers about what they are agreeing to when signing up to use your product or service.
3. Use clear and concise language
Another section of the regulation states that you must use clear terminology. “That’s design thinking 101 to create a good user experience,” says Graham. Everything you put in front of your user should be intuitive. “That includes whatever a person is consenting to in signing up for your product. Don’t use weird terminology; keep it simple. GDPR isn’t the first regulation to state this; however, because of its global implications, it’s helping us all to think about how to communicate more clearly to whoever we are designing for.”
4. Training and education
As with any new regulation that affects business, training and education are essential. It’s incredibly important for companies to train their staff and educate their consumers. “At my company, we went through hours of training on this. Companies need to be sure that their employees are informed,” says Graham.
5. Company Ethics
Where does your company stand on data privacy? The implementation of GDPR creates the perfect opportunity to think through your company’s CSR strategy, and how it relates to data privacy. Work through the GDPR principles and see how you can integrate them into the ethics of your company.
While data security feels like a buzzword at the moment, its effects will be felt over time as we continue to learn about the power of data and the internet. Trust is an element that every company needs to survive. Handling customer data with care and empowering users through transparent practices help to build that trust. Also, influence matters, so if your data practices are up-to-date and secure, you can demand that companies that you work with upgrade their data privacy capabilities as well. Consumer pressure can also move the needle. Graham puts it best: “Ultimately it’s the responsibility of the companies, but it’s also the responsibility of the public to hold the companies accountable.”