Changing the way businesses are regulated in accordance with GDPR
Zelocode is a SaaS-based data privacy management platform.
The platform helps companies and consumers to be clear about the new procedures and protocols that emerged with the GDPR (General Data Protection Regulation).
GDPR Compliance and Challenges
Level of familiarity of companies with the GDPR topic in Brazil in 2020
🙂 31% said they had made changes to the company structure to comply with the law.
💡 63% of the companies stated that they were aware of the GDPR but were still without an adequacy.
Companies were not in compliance with the general data protection regulations
Based on a survey conducted by Serasa Experian in 2020, only 39% of Brazilian companies were compliant with the General Data Protection Regulation (GDPR) that year. This means that the majority of companies still needed to take steps to comply with the requirements of GDPR.
In addition, a survey by the consulting firm ICTS Protiviti in 2021 showed that 75% of Brazilian companies were still not fully compliant with the GDPR. The survey also revealed that many companies still do not have a plan to comply with the GDPR, and the lack of investment in training and awareness of employees is one of the main obstacles to compliance with the GDPR.
For whom are we building?
Proto-persona
João Ricardo
Age: 35 years old
Gender: Male
Occupation: IT Manager of a small company
Location: São Paulo, Brazil
Profile
João is an experienced IT professional who works as an IT manager in a small company in São Paulo. He is responsible for overseeing the company's IT infrastructure and ensuring that it complies with applicable norms and regulations.
He is aware of the LGPD and its implications for the company, but he is facing challenges in implementing the necessary changes to comply with the law. He has a small and limited team and resources, which makes it difficult for him to manage all aspects of LGPD compliance.
He needs to find an affordable and easy-to-use solution that can help him implement the necessary changes and ensure that the company is compliant with the LGPD.
Goals
-
Conduct a data inventory: João needs to identify what personal data his company collects, processes, and stores, and where it is stored. This is a crucial step to ensure that the company complies with the LGPD's principles of purpose, necessity, and transparency. A compliance tool can help João create a comprehensive data inventory by automatically scanning the company's systems and databases to identify personal data.
-
Implement privacy policies and procedures: João needs to establish privacy policies and procedures that comply with the LGPD's requirements, such as obtaining consent, providing access and correction rights, and reporting data breaches. He also needs to ensure that his employees are trained on these policies and procedures. A compliance tool can provide João with templates and guidelines to create privacy policies and procedures that comply with the LGPD, and can also help him track employee training and awareness.
-
Monitor and manage data protection risks: João needs to monitor and manage the risks that his company faces in relation to personal data protection, such as unauthorized access, data breaches, and non-compliance. He needs to establish controls and measures to prevent and mitigate these risks. A compliance tool can help João monitor the company's data protection risks by providing alerts and reports on potential threats and vulnerabilities. It can also help him manage incidents and breaches by providing workflows and templates for incident response and reporting.
Concept creation
In this project, I chose to use the dynamic Blueprint Strategy to visualise and define the most important aspects of the challenge in creating a platform that could serve businesses in GDPR compliance.
This framework helped us to find, list and categorize in order of relevance, the main challenges, the company's aspirations regarding the proposed tool and the commercial focus areas so that we could better understand the user persona. In addition, we catalogued the guiding principles and objectives that we would like to achieve in the medium to long term.
Next, I suggested we use a group dynamics as well, called "Is, Isn't, Does, Doesn't".
This dynamics gave us a clearer view of the functionalities of the tool, implementation possibilities and the main thing, which was a clear understanding of the team about the limitations and tasks that this system was not meant to perform.
Finally, I created together with the Product Owner of the project, an applicability leveling of the functionalities for the MVP.
With this, we could write stories and epics for the development team to vote on in our first planning meeting.
Concept Validation - Maze
To validate the feasibility of a web platform with a workflow of GDPR compliance services.
In the script that we created, the user is required to log in, access a platform with a dashboard, upload documents inherent to sensitive user data, complete some steps of the compliance workflow, and send the execution confirmation via email.
The participants were chosen based on the proto-persona profile.
During the test session, participants were monitored to identify any difficulties or problems that could affect the expected results.
Since it is a simple tool, no major correction points were found within the service workflow that could impact business decisions.
The insights from the usability test guided us to iterate and improve the design in some points of the interface but without any major challenges.
Also tested were
• Completion rate
• Average completion time
• Steps to task completion
• Error rate and severity
• Satisfaction rates
These metrics served to highlight which tasks had the most trouble during usability testing, also helping us to track potential design redesigns.
Design and Handoff
We created a library of elements to establish minimum consistency and speed up the design delivery process for development.
It was created in accordance with the brand manual and defines basic styles such as typography, spacing and colour, and cross-platform components such as lists, tables and avatars.
Dashboards
The user experience was improved with a user-friendly couple of dashboards and simple-to-use tools.
Users have access to a SaaS platform on which they can find all the necessary tools simply in a side menu.
File upload
The file upload screens with sensitive data provide a sending history of the last files for quick consultation and viewing.
Implementation workflow
It was identified during the research that the steps of the task workflow would bring more confidence to the user with the feeling of a successfully executed task.
Design Sprint and insights
My solution was to create a simple to use platform that resembled a modern and fun visual identity.
After the survey responses and insights gathered in the Design Sprint, I was able to explain to the team and stakeholders the importance of implementing a cookie window aggregator on client websites
File upload
The file upload screens with sensitive data provide a sending history of the last files for quick consultation and viewing.
All in one
By also adding the platform's payment plans, we were able to implement an important request from the business team, which was identified in the Blueprint Strategy.
Next up
Delaware Synapsis