GDPR resources

Partly due to Cambridge Analytica, the General Data Protection Regulation (GDPR) is going to have a more profound impact on data usage globally. GDPR would have been seen as an extra-legal reach, but Facebook is making it look like a good idea.

I thought I would pull together a few resources that I thought would be of interest around GDPR since there is a lot of snake oil being sold as consultancy around it at the moment. I am not going to pretend that I am an expert, so I thought it would be useful to share some of the GDPR-related resources that I have been looking to learn from.

Not only in terms of what the regulation is, but also what techniques can be deployed to act in the spirit as well as the letter of the regulation. Demonstrating a basic respect for the consumer won’t harm any brand, but might point to badly designed KPIs that direct and digital marketers might be measured against.

Andreessen Horowitz put together a good podcast on it.

Privacy by Design – The 7 Foundational Principles by Ann Cavoukian, Ph.D. (PDF) – is a must-read paper for creative agencies and product teams. It is based on work that was started in the late 1990s. Cavoukian lists a site as a reference, ‘privacybydesign.ca’, but that seems to be down.

  1. Start by thinking about privacy by design from the start or, as Cavoukian says, preventative rather than remedial, proactive rather than reactive
  2. Privacy as the default setting
  3. Privacy embedded into the design of systems and processes (which sounds like a reinforcement of her first point)
  4. Not viewing consent in zero-sum terms
  5. Privacy secured throughout the lifecycle, from end to end
  6. Being open and transparent about processes to keep the organisation honest and stakeholders informed
  7. Respect for user privacy based on a user-centric ethos

Via James Whatley’s newsletter, this article on UX, ‘GDPR: 10 examples of best practice UX for obtaining marketing consent’, seems to be complementary to Cavoukian’s work. This is in sharp contrast to the dark patterns often used to force consent by many sites.
