Privacy Compliance Guidelines

The GDPR and Web Design: What Local Publishers Should Know

When the General Data Protection Regulation (GDPR) went into effect earlier this year, local publishers took notice. The new European Union privacy laws hold small, local publishers to many of the same standards as technology giants like Google and Facebook. But coming into compliance with these new regulations often requires publishers to make changes to their website designs, and in that way, the GDPR and web design are intrinsically connected.

If you’re still wondering what the GDPR is, and how it’s impacting local publishers, we put together a helpful primer back in May.

The GDPR was created to harmonize data privacy laws in Europe and empower ordinary citizens by limiting the types of personal data that publishers can collect without consent. For local publishers in the U.S., the GDPR is having the greatest impact on digital advertising practices. Because of these new regulations, publishers that use tools and host ads that collect data about their readers are required to change their practices.

Pop-ups and splash pages are frequently being used to collect consent from consumers, but questions remain about how these new features should be designed to improve the user experience while at the same time satisfying both the GDPR and web design standards.

Modifying Data Collection Forms

The GDPR defines valid consent as, “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Based on this definition, publishers must be able to document whether their website visitors have given permission to have their personal data collected.

Looking closely at the GDPR and web design best practices, we’re now recommending that publishers go through the consent process on their own websites themselves to better understand how current consent practices are working from a user experience perspective.

Some questions publishers should ask themselves as they design their new data collection forms are:

  1. Is there adequate context and detail about how data will be used?
  2. Are any consent boxes pre-checked?
  3. Has the pop-up been designed in a way that gets the attention of users?
  4. Does the pop-up or splash page include a clear link to an updated privacy policy?

In light of the GDPR and web design best practices, publishers should also consider adding separate pages on their websites where readers can easily find information about data privacy. These pages should be both designed and written in a way that’s clear and easy for visitors to understand.

From a design perspective, checkboxes are one of the clearest elements a publisher can include on a data collection pop-up or splash page. Visitors should be able to check a box to let the publisher know what type of communication they’re interested in receiving. In addition to bringing the publisher into compliance with the GDPR, this type of opt-in strategy has also been shown to lead to improved email marketing performance.

The GDPR is clear that consent should never be gained through a lack of action. That means checkboxes are used to give consent, rather than to reject consent.

While user consent is important under the GDPR, publishers should be careful not to go overboard. Adding unnecessary consent requests can clutter the page and make it harder for visitors to access the policy information they need.

Updated Email Opt-In Forms

Nearly every local publisher sends email newsletters at this point. The GDPR requires that readers give “specific and unambiguous” consent to be added to email lists. Entering an email address in exchange for free swag or access to exclusive content does not imply consent. To stay compliant, publishers should update their email opt-in forms with more transparent wording, and they should consider a double opt-in strategy.

Individual Preference Pages

As part of the GDPR, readers can change their website preferences and delete their accounts at any time. It’s up to publishers to add new Account Settings or Subscriber Preferences pages to their websites to remain in compliance.

From the perspective of both the GDPR and web design practices, we’re recommending that publishers keep these pages clean and straightforward. Local publishers probably don’t need to offer subscribers the option of downloading their bulk data before deleting their accounts; however, it’s always smart to consult with a legal representative on these types of matters.

The GDPR is about consumer privacy, but local publishers need to keep the user experience in mind as they implement new privacy features that add transparency to their websites. Thanks to these regulations, consumers can now expect to see website interfaces that are easier to navigate and privacy policies that are written in plain English.

If you’d like an evaluation of your own website, feel free to reach out to our team for help.