The General Data Protection Regulation (GDPR) is set to be introduced across the EU as of May 25, 2018, drastically changing how brands are legally allowed to store and use customers’ personal information.

While achieving full compliance ahead of the deadline is currently top priority for most brands, these regulations could be a blessing in disguise and present new opportunities when it comes to collecting and using customer data to improve user experiences online.

With that in mind, we’ve identified a few key opportunities for businesses to improve their websites’ UX, ensuring compliance and increased customer trust moving forward.

Designing for customer trust

A huge part of the incoming GDPR regulations is that customers will now need to “opt in” to businesses using their data for commercial purposes before any action can be taken.

This means that customer trust will become more important than ever before as consumers will likely only share their information with companies they trust – meaning that brands which take proactive design steps to engender this trust will have access to far more data, giving them a huge advantage over their competitors.

The most effective way to earn your customers’ trust is through transparency. When designing for this, always ask customers to give their consent and explain why giving this information will be a benefit to them. For example, when asking for an email address on sign-up, put in brackets why exactly you need it and what you’ll be using the information for, for instance: “Email address (So we can send through your confirmation email)”.

You should also never include your privacy policy as part of your standard “terms and conditions” agreement, which is what we see a lot of brands doing. Always include it as an entirely separate agreement, with a separate tick box and ideally in a separate pop-up window, so customers are more likely to read and fully engage with the content.

Privacy by design

Privacy by design means that customers must give explicit consent before you can collect and use their personal data. Essentially you cannot just “opt them in” without their knowledge, which is what some companies have been doing up until now.

When providing your users with a box to opt in to sharing their data, never have the box automatically checked. Always ensure that users actually have to check the box themselves – signalling explicit consent – before you store any of their data.

It is equally important to provide clear opt-outs for your users when it comes to sharing their personal information – never hide this option on a separate screen. If your users see that they can easily withdraw their data whenever they like, they are likely to feel more secure in sharing this information in the first place.

Do not neglect digital inclusion principles in your design – these regulations apply to all of your users, regardless of relative impairment. Avoid small print, use clear explanatory text, and consider people with lower levels of digital confidence or those who may have a physical or vision impairment or a cognitive disability.

Streamlining and refining stored customer data

Another area GDPR is set to overhaul is how long businesses can keep hold of customer data. As of May 2018, customers will have the “right to be forgotten”, meaning that at any time they can demand that any data a company has on them be deleted immediately.

This means that brands will need to ensure that they are not retaining unnecessary data or using it in a non-compliant way if they are to retain customer data and trust.

This should not be looked at as an obstacle, but rather a chance to streamline the data you currently hold. You will need to check through all the data you hold on your customers anyway to ensure compliance, so this is a perfect opportunity to review which data you will actually be using as part of your future marketing strategy.

Because you then know the exact information you need your customers to provide for marketing purposes, this has the added benefit of allowing you to simplify your website’s interface and cut down on unneeded data entry, thus improving the user experience further.

Implement a clear “memorialisation” process that allows people who sign up for your service to specify how they would like to close their account and withdraw their data. It’s good practice and helps people avoid the traumatic digital afterlife situation, where families of a lost loved one struggle to work out how to close down active accounts.

Businesses looking for commercial benefits from holding customer data will also feel under more pressure to make it worth a customer’s while for them to have that information if they know a consumer can opt out at any time, ultimately improving the user experience.

Moving forward

Post-GDPR, access to consumers’ personal data will become a privilege, not a right, and should be treated as such. To fully realise the potential opportunities GDPR will bring, forward-thinking businesses need to place customer transparency at the heart of any future business strategy.

Marketing professionals and brands who look at these changes as something more positive than just red tape, and actually take a proactive stance in adapting their design approach to how they are storing customer data, stand to benefit from huge levels of consumer trust, bringing an array of benefits both to themselves and to their customer base.


By Hilary Stephenson, managing director at Sigma

