GDPR Compliance Redesign

SessionM

Fall 2017 - Fall 2018; Boston, MA

To comply with my non-disclosure agreement, I have omitted and obfuscated confidential information in this case study. The information in this case study is my own and does not necessarily reflect the views of SessionM.

Company Overview

SessionM is a customer data and loyalty platform for brands that want to reward their customers with special offers in exchange for insight into their purchasing habits.

My Role

UX Researcher, UX Designer

To comply with the General Data Protection Regulation (GDPR), I redesigned parts of our app so that user consent was genuinely given. Under the GDPR, consent must be freely given, specific, informed, and signalled by a clear affirmative action; pre-ticked boxes or inactivity do not count. The aim is to give people more control over their data.

Platforms

Web App

Tools

Balsamiq, Sketch, Invision, Jira, Trello

Collaborators

Project Manager, UX Manager, Back-end Developer

Context and Challenge

Problem Statement

The goal of this project was to meet GDPR compliance by ensuring that:

  • Customers could delete their account and all associated data.
  • Opt-in forms inviting users to subscribe to newsletters or set contact preferences defaulted to “no” or blank, so that consent required an active choice.
  • Opt-ins were unbundled, with consent requested separately for each purpose. (Thankfully, as a UX team we already followed best practice on this.)
  • The privacy notice and terms and conditions were updated to state clearly how customer data is collected and used.

Process

Discover

Every project began by reviewing a market requirements document with the project manager to make sure the goals of the project were clear. In addition to the PM, our competitive analyst provided insight into how competitors approached GDPR with their clients.

Ideate

At this point I began researching UX patterns for GDPR consent flows. A large piece of the UX puzzle was going to involve confirmation modals and toggle or radio-button controls.

Design

I was a member of a three-person UX team and the primary designer on this project. I worked with my colleagues to brainstorm, design, review, and iterate on low-fidelity mockups. With a short timeline and a small team, we worked almost exclusively in low-fidelity mockups when making quick changes to the software. Our design style guide gave front-end developers a clear understanding of how pages were to be styled, so the low-fidelity mockups served us well and the developers had no trouble reading them.

Review

After each initial round of designs we reviewed them as a UX team to make sure we were on the right track and keeping the high-level goals in mind. I then presented the designs to the UX Manager, the point developer, and the PM, using Invision to link the screens together. After another round of iterations, I corrected anything that was not scoped properly for development, and the Balsamiq mockups were ready to be built in staging. Once the feature was fully developed, I QA-reviewed it in staging before it was released to production.

Outcomes

As a result of this overhaul, SessionM reached GDPR compliance. I learned a great deal about the General Data Protection Regulation and about how the back end of our software handles customer data.