GDPR: Consumer Rights First

GDPR marks a modern shift in the way that businesses can interact with consumers' data. It gives consumers much greater control over their data and when they will be contacted. There is extensive writing on GDPR compliance elsewhere, but a few highlights are:

Pre-ticked opt-in boxes are no longer valid; users must actively give consent by ticking the opt-in box themselves.

There should be granular options to consent separately for different types of outreach. Websites can no longer add people to their long-term mailing lists just for requesting a product demo, for instance. There should be separate, unticked options for each.

Consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.

It should be clear who is handling users' data. Websites must clearly communicate the names of any third parties who will be relying on consent.

Users should be able to have their data removed at their request, and that process should be as easy for the user as it was to sign up in the first place.

How does this affect UX?

Granular consent potentially means lots and lots of options to opt in to. Active consent means more clicks (i.e., work) for the user. Additional details about data handling mean more blocks of text. These changes could easily spell UX disaster. But there's no need for that. Here are several ways to make your marketing opt-in better (with examples!). Assuming that cheap tricks for opt-in (i.e., pre-ticked boxes) no longer apply, your user experience can make or break your funnel.

Use Fewer Fields

More fields mean more work, and more work means fewer sign-ups. You should cut fields whenever possible. However, removing fields will be at odds with GDPR's requirement of granular consent, which requires separate permissions for different kinds of marketing efforts. You should use this as an opportunity to tailor your goals. Do you really need to send them snail mail? Must you have their telephone number? If not, cut it. Throw out the nice-to-haves so that you can have a buttoned-up user experience.

Oracle does an awful job of this in this pre-GDPR example, where they ask for lots and lots of information.