The GDPR: A European law that acknowledges a need for Legal Design

Some of the more law minded among us might have heard of it. On April 2016, the European Union passed the new General Data Protection Regulation (GDPR), which will be fully enforced in The Netherlands in 2018. It will have a host of implications for the subject of privacy, something we at Visual Contracts cannot ignore.

article
September 2, 2020

The GDPR: A European law that acknowledges a need for Legal Design

Some of the more law minded among us might have heard of it. On April 2016, the European Union passed the new General Data Protection Regulation (GDPR), which will be fully enforced in The Netherlands in 2018. It will have a host of implications for the subject of privacy, something we at Visual Contracts cannot ignore. Large companies will have to appoint a Chief Privacy Officer (CPO) and are required to notify authorities of privacy breaches, for example.

GDPR for marketers
Looking at this regulation, one big thing that might scare companies is the fact that marketers cannot use their client’s personal data for whatever they want anymore. Under the GDPR, they will have to ask permission to use email addresses for each different type of marketing content. In fact, Edwin Vlems at Marketingfacts.nl wrote a nice article going into detail about it. Now, some of you might be thinking: “Great! No longer will I be signed up for 15 different newsletters after ordering from a supplier once!“ However, as Edwin already points out, for marketers on the other side of this regulation, this shift in mindset can be difficult, as it means the customer has all of the power. So, how do you deal with getting leads now that the customer has to opt into everything?

First of all we have to come up with new solutions to change the way we deal with consent forms. And for that we thought it would come in handy to make it simple for you as a marketer to apply the GDPR, by creating a visual overview of the main headlines of what the GDPR contains:

Consent and Content
The first thing you need to keep in mind is ‘You now need consent, for every type of content’, but there are many ways of doing this. Legal advisors will dutifully make sure that clients have all of the opt-in options at their disposal, but the resulting web page can have the user clicking a million ‘I Agree’ boxes without reading them correctly. So obviously creating huge lists of opt-in checkboxes is not the way to go in terms of designing accessible and engaging web experiences. At Visual Contracts, we are continuously looking for new ways of asking for consent for example, such as combining asking consent with other useful info or asking for consent with illustrations or perhaps interactive games, while guiding customers through a signup. (Keep following Visual Contracts if you are interested in how this would look like).

Storage & Use
Just asking consent does not cover the full GDPR however. It also includes the storage and use of personal data. It asks companies to be transparent about what data they have. By doing this, the GDPR actually creates the ideal circumstances under which Legal Design Thinking can thrive. For example, new initiatives such as the one Clinic has, could combine having a privacy registry into an updated privacy notice directed at customers.

The question is how such a privacy registry tool is created and could be used by marketers and customers, which could be explored via design research and prototyping. Since the GDPR aims for the same accessibility in personal data that is being collected, one could provide a privacy notice that visually explains users how their personal data is being processed. Although this might become a quite technical story, more and more consumers become aware of their privacy and ask for if their data is secure. You could save a lot of customer support hours by informing them up front in how this works at your company, while building a brand image associated with being customer centric and transparent and visually show that you care.

Profiling
Finally, there is the aspect of profiling that we want to bring to the attention of marketers. This means communicating transparently about what data is being combined to form profiles of customer segments or personas for example. Since combining data might be more sensitive when a data breach occurs, especially when it contains personal data, a marketer should consider how much data actually is needed to be able to attract or retain a customer. Making the choices about what data to collect and how to use it for profiling, will go hand in hand with formulating a design vision for a marketing campaign, where legal and design comes together.

Together, we hope our infographic can inspire you to make the necessary changes in your company, not because you have to, but because it can actually improve your service. Keep in mind more and more people become aware about their privacy and at Visual Contracts we believe the time customers will demand transparency in how companies deal with their personal data comes closer every day. Just keep the following in mind if all of this sounds complicated. With the introduction of the GDPR, we simply take another step into solving an age old problem. Marketers in their enthusiasm can sometimes cross the line and harass customers with unsolicited offers. The GDPR prohibits a new way in which marketers are able to do this. The rules might seem strict, but this can only push us to new creative heights. Isn’t this the perfect moment to build tools that actually support the consumer to practice their privacy rights through new ways of communication and giving consent in search for the offers they want?

If you want to discuss with us further about creating tools for giving explicit consent, sign up for a free sketch. Or signup for our Legal Design Thinking introduction, to get the skills to improve accessibility of applying the GDPR and other legal topics.