How to make privacy policies both GDPR-compliant and usable

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.
We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.
Original language: English
Title of host publication: 2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Publisher: IEEE
Number of pages: 8
DOI: https://doi.org/10.1109/CyberSA.2018.8551442
Publication status: Published - 29 Nov 2018
Event: Cyber Science 2018: Security, Safety and Survivability in an era of constant, contemporary and complex Physical and Cyber Attacks - Grand Central Hotel, Glasgow, United Kingdom
Duration: 11 Jun 2018 to 12 Jun 2018

Conference

Conference: Cyber Science 2018
Abbreviated title: Cyber SA
Country: United Kingdom
City: Glasgow
Period: 11/06/18 to 12/06/18

Fingerprint

Data protection
Privacy policies
Deadline
Check list
Template
Usability
Privacy

Cite this

Renaud, K., & Shepherd, L. (2018). How to make privacy policies both GDPR-compliant and usable. In 2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE. https://doi.org/10.1109/CyberSA.2018.8551442