Data Privacy as the New User Experience
In this age of big data and hyper-personalization, companies are putting their best foot forward when it comes to targeting and attracting new customers. As a result, they focus time and energy on not only personalized marketing, but on optimizing the entire user experience to be an enjoyable and hassle-free experience. Most businesses collect data from users to provide an experience more tailored to their needs. Most people’s idea of user experience refers to an end-users interaction with a company’s product or service, including copy, design, usability, and branding. But with the rise of GDPR, user experience must expand to include data privacy and security.
GDPR Wasn’t Enough
The goal of GDPR was to give users more control over their data and to impose hefty fines on companies that do not comply ($20 million, or 4% of annual turnover, whichever is higher), but simply going through the motions to comply with the basic requirements of GDPR does not enhance the feeling of trust and security. Optimizing user experience to comply with GDPR as well as consumer expectations requires making privacy a crucial component of your UX.
At first, response to GDPR fell in 2 major buckets: those who complied with the letter of the law, and those who took the risk of non-compliance, assuming there would be no follow-up on the regulation. The former likely made all the suggested and mandatory changes proposed by the regulation by overlaying it atop their current processes, making them more cumbersome and less pleasurable. This probably had a negative impact on their user experience, and therefore, their business as a whole. The latter, on the other hand, kept business going as usual, making very little, if any, changes at all. As if trying to call GDPR’s bluff, these companies implemented little to no changes in their data privacy practice.
But when companies like Facebook and British Airways were fined $50 million and $183 million, respectively, for their lack of compliance, businesses and consumers alike started to realize that data privacy is not a joke. The problem most companies faced was that they still didn’t know of a way to integrate healthy privacy practices without negatively impacting user experience/journey.
Using Privacy UX as a Competitive Business Advantage
Ninety percent of respondents stated that they are more likely to buy from a company who proves that they are willing to protect their information. Conversely, 72% of consumers say they avoid buying from a company that does not protect their information. Interestingly, most executives overestimate the customers’ trust in a company or its product. Whereas 37% of consumers believe that their information is being adequately protected, 50% of executives believe the same.
Within these statistics, a clear pattern emerges: users are more likely to invest in brands that prioritize their data privacy and security. Even more, with only 28% of consumers admitting to knowing which brands protect their information, there is a significant room for companies to establish themselves as a trustworthy brand and use that to their competitive advantage.
Where Companies Can Start
It is clear to consumers when brands make privacy an afterthought. If, for example, a website or e-commerce store changes nothing about their UX besides adding dull banners alerting customers to a new policy or pop-ups about cookie policies, then they have not designed the user’s experience with privacy in mind. Rather, they are trying to fuse two incompatible practices — old UX with new privacy regulations — into one.
That can come across as shoddy to customers, who have increasingly higher expectations of companies/brands when it comes to protecting their data, while experiencing little to no disruption in their seamless use of a company’s digital asset. Consider implementing some of the following practices into your business’ privacy design to stand out from the crowd.
Create a Privacy Experience Team
Companies who are able to take a step back and look at privacy UX from the lens of the consumer or a marketer will position themselves for success. Assembling a cross-functional privacy committee or team comprised of employees from across the business can help establish practices that include more customer friendly perspectives. This should include members of key departments like marketing, sales, customer success, and legal. It’s also important to include an executive champion who can help get the resources to support the implementation of necessary changes.
Lay off the Legalese
Too often, privacy policies or website terms are written for the benefit of the company with little to no consideration of the consumer. In fact, only 14% of consumers who participated in the study reported reading these policies when making an online purchase. Rather than stuffing these terms full of legal speak, have marketing and legal collaborate on creating a policy that’s easy (and maybe even fun) to read. Customers will appreciate the consideration and transparency.
Offer More Control
Most privacy policies are all or nothing. Companies expect customers to either accept that they’re signing away the rights to all their data or go elsewhere. While many consumers appreciate the personalized experience that sharing data provides others may value security more. Those on the forefront of privacy considerations will present customers with the ability to pick and choose which data they share. Most users fully expect to share data such as email address, shipping address, and credit card, but not everyone wants their search or purchase history stored.
Make It Fun
Do the Right Thing in the Event of a Data Breach
Eighty-three percent of consumers surveyed thought that data breaches were a severe or moderate problem. In fact, 59% said that they are less likely to buy from a business that has experienced a data breach, and only 51% would forgive a company, if they addressed the issue. While laws like GDPR require notice to be provided within 72 hours of discovering a data breach, many states in the US have vague rules around the timing of disclosing breaches. Companies should anticipate that a breach will happen, and have an emergency plan in place for communicating to and protecting consumers ASAP. This should include how to notification will be made (phone, email, mail, etc.) and how to provide protection (credit monitoring, password changes, etc.)
Whether you’re a new company just designing your privacy practices or an established business with existing policies in place, it’s never too late to make privacy a priority. In fact, not making it a priority could end up having a negative impact on your bottom line. The best place to start is with your UX.