GDPR INTERACTIVE CHECKLIST

Project Purpose

Background

New regulations, policies and procedures emerged as the United Kingdom exited the EU. GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

GDPR extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.[4]

The GDPR also brings a new set of "digital rights" for EU citizens in an age when the economic value of personal data is increasing in the digital economy.

Purpose:

Our company set out to make a product to help inform and educate our clients about the new GDPR regulations, as well as give them a tool to track and report their compliance with these regulations to their associates.


Objective & Deliverables

We set out to make an interactive checklist, with tools that allowed clients to know what to do to implement the new regulations and to track documentation of their implementation, and that would allow other entities to track their subsidiaries' compliance status.

Deliverables:

  • Working wireframes & prototype for development to build
  • Full finished UI including icons

Wireframes

GDPR Site Map

Wireframes of initial direction. The checklist format was made to mimic some existing designs in our HIPAA project.

UI Mockup

Revealed Enabling: Once the checkbox or item on the checklist was marked complete, this would enable the interaction with the dropdown documentation button, which would allow them to upload, download, and store their documentation. 


Approach

We started by identifying the main functionality. We started with the idea of a checklist, and expanded the functionality a little bit more. We wanted it to be as understandable as a checklist on a clipboard, with a set of statements and questions, with check boxes. If we start with a commonly used tool like a checklist, and don’t stray too far from those functions, then it will be harder to get it wrong. 

While working with our design partners, and because GDPR guidelines encourage documentation of processes in case of a breach, we decided to add a basic upload functionality. This would allow the user to attach a PDF or document, so that if ever needed they would have it ready to show or reference in case of emergency.

It wasn’t obvious to our clients what compliance with the GDPR guidelines entailed, so we also added implementation guidelines to each question, with the purpose of helping to inform the merchant of the specific measures they should take to be able to check off each item in the checklist.

Categorical Users

 

Any company, merchant, or user that does business with companies that are affected by GDPR legislation, within or without the United Kingdom.

 

"On May 25, 2018, a new European privacy regulation called The General Data Protection Regulation (GDPR) will come into effect.
This regulation will be implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe.
According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address."

 

As you can see, this covered a lot of diverse users. The things that they have in common are basic, and we could only start with some basic assumptions.

  • They are required to be compliant by a certain deadline
  • They didn't want to spend a lot of time becoming compliant; this would be a similar task to doing taxes
  • Because GDPR was new to all, we would have to have some way to educate them about why they needed to implement GDPR guidelines
