Privacy Nexus is a web application for organisations to map out all use of personal data within the organisation, to qualify these findings and to use this to improve processes or respond to incidental events, such as data breaches or data subject requests.
When I started working on Privacy Nexus, which was then called Data Protection Centre, the application was little more than an advanced proof of concept overcoming the most critical technical hurdles. The challenge for me was to, together with the developers, evolve it into a complete and user-friendly product. I did this by first exploring which people within an organisation will use Privacy Nexus and creating personas from these people. Based on the personas, I mapped out their ideal journeys, created fitting wireframes and designed matching UI for each use case of Privacy Nexus.
Complying with the GDPR is, especially within larger organisations, a complicated and organisation-wide endeavour. It's also more than just a task for the Privacy Officer and the Data Protection Officer. People working with personal data, system administrators and executives play a vital role as well.
I therefore investigated how these people cooperate and what their needs, goals, frustrations and privacy know-how are. To summarise this information, I created personas to be used as one of the cornerstones of further UX research.
To get a complete picture, I mapped out the steps that need to be taken per use case of Privacy Nexus from the perspective of each persona. This resulted in a complete overview of how the members of an organisation can use Privacy Nexus together to achieve GDPR compliance.
The first UX journey I made covered how Privacy Nexus is adopted within the organisation up until the moment at which the current state regarding storing and processing personal data is inventoried. This map shows the perspective of the Privacy Officer during this process.
To be able to design the right modules and features I created wireframes based on the combined UX journeys of the personas. These wireframes capture how the users of Privacy Nexus go through each phase from their UX journeys in the software.
The wireframe for the data breach module divides dealing with data breaches into two clearly defined phases, 'registering the data breach' and 'handling the data breach'. Within these phases all steps that need to be taken are clearly represented.
To get the details of each view right, I iterated on these views and their UI elements by producing a lot of mockups.
When designing the data breach module, one of the challenges was to provide the Privacy Officer with a list of tasks which could be completed in any order. It was also necessary to register incremental progress on any of these tasks. In this image a couple of mockups are shown in which I tried out different UI elements for registering progress, completing tasks and showing the history of activities.