Redesigning for GDPR

I wrote a few months ago about the new data protection laws coming in. We have been working with our Data Protection team to design these changes to the applications and forms on our website.

Interpreting new laws is difficult. No-one has been assessed yet by the governing body; the Information Commissioner’s Office (ICO). Our Data Protection team are understandably cautious, as although the ICO is keen to stress that this is not all about fining companies for breaches, we need to be careful so that we don’t risk public money.  They felt that we had to make all of the information visible to the customer on the page before they agree to continue rather than use a button where you “click here to learn more” if you choose.

Our first designs were simple but long. They met the requirements but  did not improve customer experience. For example, if you report fly tipping in your street and provide contact details to know when it is cleared, do you really want loads of writing to appear before you can hit “submit”? Would you even read it?

GDPR cityclean

Luckily, while we were talking about this with the Data Protection team, Google started to roll out their own designs. They did use “learn more” buttons so we all felt reassured and have adapted our designs to suit. Here is an example of the new design in progress:

gdpr mut exc

This is a big step forward achieved by good co-working across the organisation.

Once we have a couple of versions better designed by our UX and Digital Content team and agreed by our Data Protection team, we’ll be testing them with residents.

The Golden Record

Hi, I’m Gary and I work as the Delivery Manager for Digital First. I’d like to tell you what we’re aiming to achieve by:

Delivering a system capable of producing a single/individual cleansed unique dataset for the referencing of other internal applications or systems.

This single system is also known as the Golden Record.

One of the main issues facing local and central government is how to establish a joined-up service that makes it easier for citizens to use council services and reduce staff costs.

At the moment many departments work in silos and records held within one department are separate to those held in another. For example, if you wish to talk to several council departments, each department will go through a set of security questions to authenticate who you are.

These separate records may be different and inaccurate. For instance, Mrs Megan Smith in one department may be Ms M Smyth in another. This is frustrating for the public and adds to the staff processing costs.

To resolve this we need a joined-up service. We can achieve this by building a system that can identify individuals across multiple departments using sophisticated matching routines.

Once we have this, we need a method of updating the out-of-date records to improve data quality and a way to view the data online. We also need to consider records that can’t be matched.

Over the last year we’ve:

  • Identified internal systems to see if we can use them
  • Identified from these systems all useable data sets
  • Built routines that can match data, via a product called ClearCore
  • Identified how we can automate these extraction and matching processes
  • Implemented online Rapid Application Development systems, which we’ve blogged about before
  • Built a supporting database
  • Identified security issues to understand authentication, authorisation and access of individual data
  • Identified a system to update other systems with correct or more up to date information

All of this has been achieved with a single mindset for the future – to give people of Brighton & Hove access to their data in a meaningful and useful way.

I’ll share more details in future blogs.

GDPR – designing to empower citizens

General Data Protection Regulation (GDPR) ensures that we will know what, why and how information about each of us is being stored, and gives us the right to restrict or revoke access to it.

Those of us working in local government have significant challenges as to how we make this work for residents on the forms and applications that they complete. It’s no small task to design data storage, indexes and platforms to deliver these customer rights.

At Digital First we are working with our Information Governance team to match the requirements of the law with the needs of the customer. There are some great discussions going on in the wider pattern design community about how we embrace this opportunity to totally rethink how we present these rights to customers.

The “cookies” acceptance is a useful example to think about. This was also made to empower users. It became “the norm” – but it became an irritating norm. If we really want to empower users with these new rights, we need to present them in a useful way, rather than making them a stumbling block.

A good example for us, and one I am working on, is when a customer comes to book a Pest Control service online. If they are met with a wall of information about what the council is going to do with their data, before even filling in their name, will that make them feel empowered or scared? How do we comply with the level of information we must give without confusing them? We need to make sure that they know what they are are agreeing to, or it’s likely that they will decide to phone instead.

There is an understandable desire to err on the side of legal caution, but how do we make this work for everyone?

As we are all facing this, we would love to share ideas and designs with others. We want to co-design and create some new data design patterns that really do empower the citizen. It would be good to hear from other councils working on this, and any developers and designers keen to share ideas, design patterns or user testing results.

Contact us via the comments, or you can email me at