The EU General Data Protection Regulation comes into force in May of this year - and it's set to change the way digital industries of all kinds approach data collection and consent. I am a strong supporter of increased privacy protections, and I think the new regulations are a step in the right direction - at the same time I can recognise how much extra work these changes are creating for teams throughout Schibsted.
GDPR came up recently in a meeting as an issue everyone is concerned about, yet no one really wants to engage with - maybe it's seen as overwhelming or abstracted from daily processes. Strictly from a UX perspective, GDPR is set to drastically change and limit the ways we can reach users, track and test their experiences. We will need to begin collecting informed consent from all users before we collect any personal information that could directly or indirectly be linked to their identity.
Users will soon have the right to review all data a company holds about them, to review how, when and where the data is collected, to edit or delete data, and to be forgotten. They also have the right to have their personal information from one organisation transferred to another.
Old services will need to be updated. Old records will need to be reformatted. New products, services and tools will need to protect "Privacy by Design." The future of how we design and build digital services in Europe is about to change dramatically.