Jessica Robbins


This is a guest post from Jessica Robbins, Associate Creative Director, UX at Saxum. Recently named as one of Adobe’s UX designers to follow, Jessica Robbins leads organizations through brand visioning, strategy and the creation of integrated brand experiences. Her eclectic background includes identity, video, motion, print and UX/UI design, all of which she leverages to build experiences that are authentic, engaging and relevant. Her work over the past 10 years largely focuses on building sustainable processes, products and custom design solutions for clients that are human-centered and empathy-driven. Follow her on Twitter and Instagram

Are you GDPR ready?

Unless you have lived under a rock the past few months, you are probably familiar with GDPR.

GDPR stands for the General Data Protection Regulation which is a regulation intending to strengthen and unify data protection for all individuals within the European Union (EU).

You might ask, “Why is an American UXer so interested in GDPR?” Well, not only is this EU-specific precedent also enforceable by international law, GDPR also impacts something that has allowed me, as an experience designer and strategist, to create more meaningful, context-driven experiences. That something is data.

We can forget that personalisation capability is directly attributable to data that is shared either implicitly or explicitly by each user at some point in time on their journey

Joni Mitchell once said, “You don’t know what you’ve got ‘til it’s gone.”

There is no doubt a personalized experience is a better experience. In an age where we are trying to personalize as many facets of a digital experience as possible (because it is so damn effective), we can forget that this personalization capability is directly attributable to data that is shared either implicitly or explicitly by each user at some point in time on their journey. Chances are that as a UX designer, you help craft part of that journey where data is exchanged or you use data provided to you to inform your decisions.

So how does GDPR impact this?

  1. One of the big points about GDPR is that there is no grandfather clause for data. That means data gathered to inform your experience and/or the experience you designed to gather data (like a form) prior to GDPR, will be impacted. You should be thinking “Am I currently using data that is clean?”
  2. GDPR allows “right to erasure” meaning, if a person decides they do not want their data stored or used, they can require it be erased. You should be thinking “How can a user control their data access at any time?”
  3. Data will become siloed yet again because GDPR will require consent before you use information gathered for one purpose to inform other marketing, automation or personalization platforms.
  4. GDPR is going to make it harder for organizations in general to gather and track data due to requirements, disclosures and red tape. Data flow will be pinched and scrutinized. You need to think “what happens to our experiences when the data is gone?”
Who? Me? Yes, you.

Think about all the data we gather, touch or share to help validate design and UX decisions or guide something even as simple a persona development. Even the smallest of agencies or businesses likely touch data in some way (even if you freelance). Before, we likely did not question where the data came from or where it went, we just made plans to acquire it, use it and then pass it on. With GDPR, our access to data makes us implicit in the use of that data whether the data is clean (compliant) or not. We cannot stand idle and ignorant any longer, no matter the quality or quantity of the data and no matter our “bacon degree” to that data.

Here are 11 questions that will get you thinking.
  1. Are you working on a product that could have a user or collect identifying data on a user or person that is a citizen of the UK – either in the UK or abroad?
  2. Are you working on a product that could have a user or collect identifying data on a user or person that is a NON-UK citizen that could use it while in the UK?
  3. Are you working for an organization or company that has operations in the UK?
  4. Are you working for an organization or company that does any business with the UK?
  5. Are you using data to inform decisions?
  6. Are you using data to personalize an experience?
  7. Are you gathering data in the background of an experience?
  8. Are you designing interfaces or systems that facilitate the exchange of data?
  9. Are you sharing gathered data with another party or is data shared with you?
  10. Are you using data from one experience to guide a separate (even offline) experience?

If you answered yes to any of these questions above, then you should take some time to understand the implications of data on your work, company or organization.

As a UXer, you hold a lot of power to craft post-GDPR experiences

On the frontlines of data

International companies will likely prefer not to have duplicate data, processes or methodologies. That means that international companies impacted by GDPR will be taking steps to ensure compliance, and that those steps will trickle down to their non-UK counterparts regardless of whether GDPR is enforceable. That means UXers have a big chance to set some new best practice standards for how data is gathered and handled for the entire world. You are on the frontlines of this data renaissance and placed in a position of influence with a great opportunity to impart a meaningful, but compliant, experience.

Here are just a few top-level impacts in the UX World:
  1. Opt-In and Opt-out processes
  2. API integration Standards and Access
  3. Automation & Personalization
  4. Cross-platform Data Use (using one data pool for direct mail and email)
  5. User Preferences/Account Management (granularity)
  6. Dark Patterns on Consent Forms (pre-checked boxes)
  7. Privacy Policies & Notices (including cookie usage)
  8. Forms Clarity
  9. Analytics & Tracking
  10. Design Clarity

The New UX Paradigm: Privacy, Transparency and Security

The New UX Paradigm

The GDPR zeitgeist is one thing, but what everyone should understand during this specific time in the digital transformation, are the larger themes at work. GDPR is just one of the results of consumers demanding more security, privacy and transparency in their interactions. This is another reason GDPR and any future copycats will not be limited to the UK alone. This triad  of security, privacy and transparency will need to form the basis of any experience moving forward. It will become the rule, not the exception. Experience designers have been training their whole careers to thrive in an environment where technology, people and trust-building are the winning combination.


Don’t let the GDPR “happen” to you (or your organization). Understand the broad-sweeping implications GDPR can have – even at an experience design level. Know that experience designers are primed and positioned to help bring meaningful solutions to the table (yay job security) and there are plenty of opportunities to make an impact.

Remember that security, privacy and transparency are the new currency in which consumers will trade in and that their data is worth its weight in gold – especially for an effective, personalized experience. Creating an experience that builds trust is key now more than ever before – how will you do it? Is your experience GDPR-ready? Start practicing privacy by design now.



You cannot throw a rock without hitting some sort of GDPR info-session or information out there. Look at IAPP, Hubspot, Salesforce, Marketo, Gartner, IBM and Brandwatch for some great resources and webinars.