The UX Guide to Getting Consent

Published: December 2017Click To View (PDF)

In the EU’s General Data Protection Regulation, set to come into force in May of 2018, the word “consent” appears 72 different times. However, another word is conspicuously absent from the GDPR: “notice.” Actually, it appears a single time in the document, but in a setting that’s irrelevant to data subjects. The GDPR says that the EU Commission must give notice to a third country when revoking an adequacy decision for trans-border data flow, but doesn’t say anything about how organizations should give notice to data subjects about how their data is being collected, used, shared, and destroyed. What to do? Start with this handy guide to getting consent under the GDPR, leveraging the research of Create with Context and the IAPP to combine a look into how users interact with the digital interfaces and an analysis of the text.