Posts

What happens when content design crashes into the General Data Protection Regulation (GDPR)?

 

What would it be like to produce content in a total data vacuum? Picture yourself working in soundproofed blacked-out box with a computer that can only send but never receive information. You have a brief to design some content, but you haven’t been given much information about your users. You’re going to have to rely on intuition and assumption about their needs, interests and behaviour. No matter – you’re a resourceful person, so you make the best of it and cobble together some best-guess content. It’s a relief to press send.

Off it goes into the ether and you’ll never have to think about it, the users or their needs again – because there won’t be any feedback. That includes all metrics, page views, click-throughs, bounces and everything else you’re used to for assessing whether your work is fulfilling its aims. It sounds like a recipe for awful content, doesn’t it? It must be – though of course you won’t get to know either way.

Data drives content

For content professionals, such a scenario in the real world is unthinkable. Content is driven by data and databases, from analytics to A/B testing. Data is the beating heart of how content designers think about user needs and what we do to deliver on them. It’s also the biggest weapon in our armoury when it comes to dealing with sceptical and obstructive forces in the organisations we work for.

And yet, the situation above isn’t just a thought exercise. Working in a data void – or at best with a seriously diminished data set – could well become a reality for many of us in a couple of years if we don’t take timely steps to stay compliant with imminent new data protection legislation, according to Hazel Southwell, Data Protection Consultant, speaking at a recent Content, Seriously meetup.

Ignore data protection at your peril

Content producers who ignore the new rules will be destined to launch their content into the void, she warned, like the Soviet scientists who shot Laika, a Moscow street dog, into space with scant means of monitoring her progress and no hope of her survival. The ill-fated dog died from overheating after only a couple of hours and the scientists learned next to nothing from the adventure. At least she got to be the first animal in orbit – which is far more than content producers can hope for in return for their doomed efforts.

Producing content without user research and analytics (both pre and post publication) makes it far more likely to be irrelevant to target audiences – and useless to our objectives. More than that, data is the trump card, the invincible ace of spades, in any argument about the direction that content should be taking.

How often does data come to our rescue when subject matter experts are blocking improvements to clarity and readability, or when managers are resistant to important content changes? They can’t argue with the data. Without data in the armoury, we’re fighting blindfold with both arms tied behind our back.

Say hello to the General Data Protection Regulation

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, making sweeping changes to rules governing the way we collect, use and store data. It will have an impact on any organisation, whether based inside or outside the European Union, that processes the personal data of any resident of the EU or any EU citizen elsewhere.

Companies will no longer be able to sidestep data protection obligations because their head office is in the US, say, or their servers are in Vanuatu. If they’re dealing with the personal data of EU citizens then they must comply with the rules. So Brexit will not provide a way out for UK organisations either.

The UK currently has one of the toughest data regimes in the world in the Data Protection Act 1998, backed up by the enforcements of the Information Commissioner’s Office (ICO). But the GDPR knocks that into the shade, not least with sanctions that are designed to bring the global tech behemoths out in a cold sweat. Even the likes of Google and Facebook might think twice about transgressions, faced with fines totalling €20 million or 4% of worldwide annual turnover – whichever is greater.

Personal data will include photos, email addresses, bank details, social media posts, cookies and IP addresses – anything, in fact, that identifies you directly or indirectly in your private, professional or public life. And if you’re processing this data, whether you’re a multinational or working from your front room, whether you’re turning a profit or not, then you’ll need to comply.

It might be a shock for a humble WordPress blogger to find their use of tools such as Google Analytics (much of which is based on monitoring IP addresses) could fall foul of the law. And their difficulties will be compounded if they deal with personalised content tailored to their audiences – for example, if they use a formula whereby 2 users might see a different paragraph within a single page depending on their age. It seems the quest for making highly relevant content is to become even more tortuous.

So how do you comply with the GDPR?

You’ll have to get explicit consent for obtaining and keeping personal data, which must be given to you freely, rather than as a bargaining chip for accessing your services. You’ll need to ask for it in clear and obvious way, not just imply you’re taking it and going ahead.

Having obtained consent fair and square you’ll have to store it, not only so the ICO can check you’re doing things right, but also so individuals concerned can see what you have on them. They should be able to transfer their data to other data controllers if they want – what’s being described as a new right of ‘data portability’.

Consent can be withdrawn as well as given, and you’ll have to erase data or correct inaccurate data if requested, or restrict processing data if you get an objection. If the data you’re keeping gets compromised through a security breach you may have to notify the relevant authority, the individual concerned or the public at large.

You’ll have to demonstrate that you’re complying with the GDPR, through policies and procedures, staff training, monitoring, documentation – and if your organisation is large enough, with the appointment of a designated data protection officer and appropriate records of your data processing activities.

Privacy will be prioritised by better design (privacy by design) and through more stringent default settings (privacy by default), and you’ll be encouraged to use data only when strictly necessary for your services.

Privacy fights back

If it sounds tough, that’s because it is. There are some obvious exemptions to the rules – such as for national security, defence, law enforcement, public services and health and so on – but it seems the EU has had enough of companies storing and selling huge quantities of personal information, our interests, health, social background, jobs, wealth, education and much more – information that has very likely been obtained in ways we were not wholly aware.

While we unwittingly surrender the details of our address books, calendars, emails and map co-ordinates to apps and companies that seem to have no call to know them, many of us are only dimly realising that our most private information is forming part of a vast global trade far beyond our control. Marketing giant Acxiom, for instance, is said to have stockpiled up to 3,000 separate nuggets of information on each of the 700 million people in its files.

In this context, the GDPR could be a welcome rebalancing in favour of the individual. Even so, EU member states still have some flexibility about how they implement many of the GDPR’s 99 Articles – not to mention the uncertainty of how a post-Brexit UK might slot into those arrangements.

There may also be ways to anonymise or ‘pseudonymise’ data so that it can be used without stepping on anyone’s toes, or making the most of exemptions for statistical research that doesn’t rely on the identifying aspects of the data. The sweep of the legislation may be fixed, but the crispness of its final boundaries are still to be defined.

Respect privacy, improve content, win trust

However the cookie in your cache might crumble come May 2018, content strategists must start putting data protection much higher up the agenda now. Content professionals are creative people and will be able to conjure up inventive and unimposing ways for users to give consent about their personal data.

It’s in everyone’s interests that content is engaging and relevant, and it won’t take much for users to understand how important data is for the best in content creation. It will be even more important for content professionals to create the kind of compelling content that will make users care enough to click the consent button – in whatever form it takes – without a second thought.

Many thanks to Hazel Southwell for her contribution to the Content, Seriously meetup.

LinkedIn https://uk.linkedin.com/in/hazel-southwell-55781412

 

Talk to us

 

Evidence-based content strategy and design

There is a lot of talk about evidence-based design these days. A quick search for evidence-based design, or EBD, returns results mostly focused on health care and the construction industry. Both of these professions have a vested interest in developing an empirical understanding of how people interact with their environments so that their practices can improve the effectiveness of project outcomes.

In healthcare, this means improving patient and staff well-being, patient healing, stress reduction, and safety.

In construction, the goal of evidence-based design is to improve the performance of buildings, and not only looks at ways that people interact with the built environment, but also how the various components of buildings interact as a complex system.

More

Evidence-based design method – Wikipedia

Evidence-Based Design Journal

Evidence-based design in digital services

In the realm of interactive digital services, the term evidence-design has crept in, largely unheralded. The benefits are seen as credibility.

Evidence-based design bases decisions on research, both user and scholarly, and increases the likelihood of effectiveness and ultimately success. Human Factors International, a consultancy known for its scholarly contributions and its accreditation program, describes the process as:

  • clarify the question being asked regarding UX methods or design
  • identify sources of research or best practice to help answer the question
  • find available research or best practice
  • review for credibility and applicability
  • check to see if other research or practice has come to the same conclusions
  • save copies of the materials along with links or citations for future reference
  • communicate and apply what you have learned

More

Evidence-Based Best Practices and Research – Human Factors International

Evidence-based content strategy and design

The more research we do into evidence-based design, the more that Scroll can attest that all along, it has been using an evidence-based design approach to content strategy and content design.

The methodologies are quite similar.

Evidence-based content strategy

Content strategy recognises that an organisation is a complex system, where various components interact to optimise content performance. A successful project outcome requires foresight and planning.

The discovery phase of a content strategy involves making a diagnosis, and then finding the right prescription.

The steps are:

  1. Clarify the organisational problem that content is being asked to solve.
  2. Research the content requirements of the organisation, the content consumers, the content developers, the technologies used to manage content, and the content itself.
  3. Conduct a gap analysis by looking at the difference between the current state and the ideal state.
  4. Determine the gaps that have prevented the organisation from reaching their ideal future state.
  5. Research content lifecycles, and identify best practices for the context.
  6. Map out a high-level solution and validate for feasibility and applicability.
  7. Communicate findings and get buy-in to proceed with implementation.

Once there is organisational clarity and agreement around the roadmap to a solution, the evidence-based content design process takes over.

Evidence-based content design

Once the big-picture goals have been established, the implementation phase begins. This is where content design comes in.

The content has to work from an editorial perspective, a user experience perspective, a comprehension perspective, and a technical perspective before it’s fit-for-purpose. That doesn’t happen by accident:

  1. Use evidence from analytics, user research and elsewhere to clarify the problem the content is being asked to solve (the user need).
  2. Research the requirements that allow the content to make the user of the content successful at their tasks (the acceptance criteria).
  3. Find the best practices for developing and delivering content in that context.
  4. Validate for credibility and applicability.
  5. Communicate findings and create the content.

Qualifying this approach as evidence-based design

Developing content and content systems is subject to the same rigour that goes into designing a healthcare environment or a building envelope that improves the performance of a complex system.

There is no room for opinions and conjecture.

An organisation must know they have a better system than before, and that their new system delivers better-performing content than before. They must be able to demonstrate this with data.

In content design, this is done through an empirical understanding of how people interact with content, combined with deep domain knowledge of editorial processes, learning theory, comprehension techniques, information architecture, and content development theories and practices. Once the content is live its performance can be measured using various metrics from web analytics, as well as through direct feedback from users.

In content strategy, this is done through a knowledge of content design combined with an understanding of the various ecosystems used for content development, management, and delivery.

In both disciplines, the experts at Scroll have a keen understanding of using content as a business asset to further organisational goals.

We are a Living Wage EmployerCrown Commercial Service SupplierCPD certified

© Scroll