In May 2018, the General Data Protection Regulation (GDPR) went into effect. The new rules apply to the way companies protect and handle information collected from citizens living in European Union (EU) countries.
However, about 75 percent of brands see GDPR as a challenge to implement, and around 42 percent of brand websites still aren’t GDPR compliant. Taking steps toward protecting the personal data of consumers is a positive change, but the results of GDPR won’t appear until most sites come on board and figure out the best ways of protecting data.
The impact of GDPR on the web industry is multifaceted. Here are seven ways GDPR creates a change online and predictions for where the regulations will go in the future.
1. Making Information Clearer to Consumers
One thing the GDPR provides is a clear source of information about the privacy policies of the site. The GDPR requires brands to put their privacy notice in an easy-to-locate place on the website. You’ve likely noticed that most companies have a link in the footer of their websites. However, some also have pop-ups letting site visitors know they updated their privacy policy recently.
Think through the reading level of your average customers and stay away from legal style language. If you need a lawyer to translate the policy for you, then it needs to be rewritten so your users understand it upon first glance.
2. Creating Policies
Updating your privacy policy forces your company into thinking through every element of your policies. How long do you keep information on file? What exactly do you use the information for? Create a plan for how you collect it, how you store it and what happens to information when you no longer need it for business purposes.
One of the easiest ways to ensure GDPR compliance is with a privacy policy template that lays out the specific elements needed. Look at your policies through the eyes of your users. How often should you update your privacy policy? Regulations change frequently, so revisiting your policies at least once a year keeps everything current with laws and your own company’s changes.
AT&T shares their privacy policy in a way that’s straightforward and easy to read. Note the way they list out the main points in bullet points for easy reading. They summarize the main points, but also provide clickable buttons to the full privacy policy.
3. Fixing Security Holes
One of the elements of the GDPR includes a responsibility for companies to keep information secure. Appoint a data protection officer (DPO) and ensure they have the tools needed for secure data storage. The DPO serves as a point of contact for consumers with questions about how their data is stored.
The DPO also updates any information collected at the request of consumers or deletes files promptly as outlined in the privacy policy or when consumers ask for removal.
4. Including Subscription Forms
In the past, companies collected emails or information via forms, but consumers weren’t always aware of how that information was used. More companies clearly list privacy policies on their forms now to ensure GDPR compliance. Adding the privacy policy on the form or near it gives consumers an opportunity to choose whether or not they agree with the use of their personal data. They can then decide to share the information or not.
Cherry’s Material Handling has a form near the bottom of their page for promotional offers. The form has one field and a call to action (CTA) button — just under the subscription box is an invitation to “View our Privacy Policy.”
5. Adding Better Accessibility
One requirement of the new regulation is using simple language that makes the policy understandable for users. Sites that serve more than one country now have details translated into multiple languages. For example, AARP offers a page with their privacy policy and a link for the Spanish version. On the Spanish version of the privacy policy is a link to the English version. Providing two translations serves both languages and expands their customer base.
6. Changing Data Sharing
The new rules require companies to outline how information is shared with third parties. This change is both positive and negative. Consumers’ information is more secure because companies are less likely to sell data without informing their subscribers of the possibility. However, fears of regulatory laws limit how two or more companies work together and share data between themselves, reducing promotional opportunities for businesses.
Dyson states in their privacy policy that they never sell your information with others. Note the visual aesthetics of their privacy policy page. The company lays out their commitment and understanding of the responsibility of protecting your information. Scroll down the page and find a summary of their principles behind privacy and a link to the full policy.
7. Reducing Invasion of Privacy
The GDPR is changing the invasion of privacy perpetrated by companies such as Google and Facebook. In the past, you had no choice but to accept their demands to access all sorts of personal information to use their platforms.
However, Facebook and Google face $8.8 billion lawsuits for not giving users a way to use their platform and still opt out of sharing information such as what types of searches they’re conducting. Specifically, they’re in trouble for their predictive search bars that show users what others have searched for.
The GDPR forces big brands into considering the privacy of the average Internet user. Although this is a pro for consumers, it’s likely going to change the way you use Facebook and Google’s search engines.
GDPR’s Future
Some brands balk at initiating a bunch of new policies and following regulations when they aren’t even located in an EU country. Already, a few brands have refused to do business with consumers in the EU. Opponents point to the vague language of the GDPR as an area of concern. However, expanding into global business provides you with an additional customer base you otherwise wouldn’t have. Once the cases against giants Facebook and Google complete, rules should be a bit clearer and help smaller brands understand what changes they need to implement.
Lexie Lu is a designer and writer. She loves researching trends in the web and graphic design industry. She writes weekly on Design Roast and can be followed on Twitter @lexieludesigner.
