On May 25th, the infamous GDPR went into effect, forcing all Internet-dependent companies to change their online privacy policies, mainly to protect the privacy of all E.U. citizens. If you currently live in Europe, your inbox is probably spammed with ‘We’re changing our privacy policy’ messages from Facebook, YouTube, Google, etc.

National governments aren’t required to vote on this matter because it’s a regulation, so it applies with immediate effect. Why worry about it, though? Well, the ‘GDPR changed our privacy policy’ messages companies kept sending you in the past month or so didn’t only notify users about hiring DPOs (Data Protection Officers); some also announced changes in design.

The beginning of human data rights

In the past few years, giants such as Facebook and Yahoo have leaked and illegally used data without their users’ consent, respectively, which is why GDPR was first created, back in mid-2016. Once these allegations went public, they were heavily criticized by Zuckerberg and other CEOs. However, the Senate testimony of Zuckerberg back in April revealed to us that Facebook’s creator not only sold data without consent and didn’t know the purpose of this data, but he somewhat disagreed with the senators concerning government-imposed data & privacy regulations.

Before the GDPR went into effect, Zuckerberg was invited as a guest in the E.U.’s Parliament as well, where he wasn’t received well by its members. Nevertheless, Facebook justifies using part of the personal information with consent for marketing purposes. In their own words, “It’s better to know what customers like and serve them quality content, content that truly matters to them.”

Privacy by design

Part of the GDPR, the ‘privacy by design’ concept is what truly matters to designers. According to this concept, there are seven fundamental principles to follow during the design process.

1. Proactive, not reactive

This simple rule explains that DPOs and designers should act before things turn sour, instead of waiting for it to happen and then reacting.

2. Privacy as the default setting

It means that you, as a designer, will deliver the maximum amount of privacy by ensuring all personal data is protected by default in any given system.

3. Privacy embedded into design

In short, every designer must include privacy as a fundamental part of the system’s core. Functionality must not suffer on account of incorporating privacy protection methods, yet the latter must remain intact.

4. Full functionality

How to achieve full functionality? No idea, but you need to achieve a ‘win-win’ situation where both privacy and security will be present in the product/solution.

5. End-to-end security

Another important feature of GDPR’s ‘Privacy by Design’ concept is end-to-end security. Basically, data is born, used, and destroyed within a finite period of time. No data can be left behind by this process.

6. Visibility and transparency

Trust is gained by showing everything you’ve done with the data provided, increasing the levels of transparency and visibility. Every individual stakeholder has the right to request this, so get ready to show what you’ve done with the data. On the other hand, hiding certain acts is punishable according to GDPR.

7. Respect for user privacy

Finally, there should be strong privacy defaults, timely notice concerning anything connected to data, and protective user-friendly choices.

Conclusion

All seven of these fundamentals should be respected, and your data protection officer would make sure of it. However, this beautiful turn of events for data protection just created a world of chaos for web designers all around the world, as most of them now have tons of extra tasks, including the re-work of old designs and careful creation of new ones. In the end, everyone will agree it’s for the greater good.