WTF is GDPR?

This post originally appeared on Ueno’s blog. Dear Ueno is an advice column for people who for some weird reason think we know what we’re doing. Find out more, or read our old advice.

* * *

 

Jan from Michigan sent us an email:

Dear Ueno,

What is GDPR and what does it mean for designers? Should I be doing something?


Liz Donovan, in charge of marketing and things at Ueno NYC, cheerfully replies:

Hi there, Jan.

Everyone recently received a bunch of emails about updated privacy policies that they promptly deleted. I don’t blame them.

If you work in marketing, design, technology, or any web-related job, you might have seen the letters GDPR floating around. But it’s still a pretty foggy concept.

Let’s try to clear some of the fog.

What. The. GDPR.

The General Data Protection Regulation (GDPR) is new legislation in the European Union that sets rules for how companies can collect and process Personally Identifiable Information (PII). It officially went into effect on May 25th, 2018.

PII includes things like name, email address, birthdate, identification documents (passport, social security number), address, phone number, password, biometrics (face, fingerprint, voice) — basically all the information that’s unique to you.

So it only applies to companies and people in the EU?

Nope. A company based in the US probably has website visitors who are citizens of the EU, so they also need to be compliant. It is the World Wide Web, after all.

What are the rules?

  • Companies that collect personal data must be upfront about what they’re collecting, why they’re collecting it, how long they will keep it, and if they’re sharing it with any other companies or outside the EU.
  • Individuals whose data is captured can request a copy of all the data a company has about them, and they have the right for the data to be erased.
  • Some companies are required to employ a Data Protection Officer (DPO), who is responsible for managing compliance with the GDPR. This applies to a) public authorities, b) organizations that engage in large scale systematic monitoring, or c) organizations that engage in large scale processing of sensitive personal data.

What does this mean for the general public?

  • For individuals: If you’re an EU citizen your data will be more protected and you have more control over what companies do with it. Yay! For everyone else, nothing much to see here — move along.
  • For companies: Regardless of where they’re based, companies that handle Personally Identifiable Information for EU citizens may face fines if they don’t get compliant ASAP.

What does this mean for me as a designer? What should I be doing for the sites I make?

GDPR is great for users, and most of the compliance action takes place on the data storage, engineering, or marketing side. That said, it’s still tricky for designers because the requirements are vague.


Basic compliance:

  • Use simple, clear language.
  • 2-choice CTAs need to be presented with equal importance. “Yes, I accept” and “No, I decline” must be styled in the same way, with no primary/secondary styling.
  • GDPR compliance opt-in checkboxes cannot be checked by default. Sneaking in a checked “yes, sign me up for your newsletter!” checkbox in your signup flow is not allowed.
  • If the user is opting in to anything anywhere, you need to let them opt out — probably in the Settings section.
  • Make sure your Settings section includes a “Download your data” option.
  • Newsletters are double-opt-in — after signing up on your website, you must send them another email asking them to confirm their subscription.
  • Granular permissions.


Checklist for designers:

  • Are your designs misleading in any way? (It helps to think of GDPR as a way of being “ethical” as a designer.)
  • Do you need all the information you’re asking the user to give you? Why? And what are you giving the user in return?
  • Are you communicating about privacy in a simple and clear way?
  • Do your designs help the company build trust with the user?
  • Is it clear that the user can manage privacy controls at any time?
  • Is it clear where privacy settings can be managed?
  • Is it abundantly clear what information the user is currently sharing or not sharing?
  • What information would the user expect to find in the “download your information” feature?
  • Does your design make it clear what the user should expect to see in their downloaded information?

Hope this helps.

Best,
— Liz.

P.S. Special thanks to Carolyn Zhang and Joshua Munsch for their contribution.

Obligatory legal disclaimer: Please don’t sue us if this explanation isn’t 100% legally precise. As always, consult with your lawyer before doing anything, ever.
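The opt-in rules from the “Basic compliance” list above (unchecked by default, double opt-in, opt-out at any time), sketched as an added example that is not Ueno’s code. The function names, the in-memory store, the signing key and the 48-hour link lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation link is valid for 48 hours
subscribers = {}                  # email -> {"status": ..., "purposes": set()}


def _sign(email, expires):
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def signup(email, newsletter_checked=False, now=None):
    """Step 1, form submit. The checkbox defaults to False (never pre-checked)."""
    now = int(now if now is not None else time.time())
    if not newsletter_checked:
        return None  # no consent given, so nothing is stored
    subscribers[email] = {"status": "pending", "purposes": set()}
    expires = now + TOKEN_TTL
    return f"{expires}.{_sign(email, expires)}"  # sent in the confirmation email


def confirm(email, token, now=None):
    """Step 2, the emailed link is clicked. Only now does the subscription go live."""
    now = int(now if now is not None else time.time())
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False
    rec = subscribers.get(email)
    if rec is None or rec["status"] != "pending" or now > expires:
        return False
    expected = _sign(email, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # tampered or forged link
    rec["status"] = "active"
    rec["purposes"].add("newsletter")  # granular: one named purpose per consent
    return True


def opt_out(email):
    """Settings page: withdrawing consent deletes the record."""
    return subscribers.pop(email, None) is not None
```

A signup that never ticks the box stores nothing, and a pending address receives no newsletter until the signed link is confirmed before it expires.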

Analyze this: Tips for setting up analytics on your website

This post first appeared on Ueno’s blog here.

Making things pretty is not enough. The things we make also have to work well for their intended purpose — telling a story, selling a product, sharing content. One of the ways we use to tell if what we build achieves its purpose is through analytics. Information is power!

Gathering useful information from a website is more than slapping on some code. Before adding any code snippets, you must first identify what you want to track, and why. Then work with your developers to implement the analytics code, check that all is firing as expected, and BOOM! You’re ready to go. Simple, right? Sort of.

We recently did an analytics audit of the Ueno website to establish objectives and make sure we’re getting the information necessary to make the best decisions. Website changes take time and money, so we needed to prioritize, and data would allow us to do just that. We chose Google Analytics (GA) because it’s a powerful tool, generally easy to use, and one of the most commonly used platforms across industries.

Our first step was to define our objectives. What’s the purpose of Ueno’s website? This is what we came up with:

  1. Attract new business
  2. Attract new talent
  3. Showcase our work

Once we established those objectives, we brainstormed a list of questions that would help us measure them.

  • How many people are visiting the site? How many of those are completing the new business inquiry form?
  • How much content are people consuming? How many pages do they visit and how far do they scroll?
  • Where are visitors coming from? Which channels are most likely to result in a new business inquiry or job application?

When we had a broad sense of the information we needed, it was time to set up the GA account. Here are three key components to the setup:

1. Conversion Goals

Based on the primary objectives, we defined two Conversion Goals to measure how often users complete specific actions.

A conversion goal might seem more obvious on an e-commerce site (a purchase, for example) but depending on your objectives you can always find some action to measure success. Here are ours:

  • Conversion Goal 1 — New business form submission: Fires every time someone completes our new business inquiry form
  • Conversion Goal 2 — Careers application submission: Fires every time someone submits an application

These are the two main actions we want people to take on the site, so at a high level they can tell us how effective our website is and which traffic channels are performing best.

2. Events

Next, we defined several GA Events to help measure how well the website is achieving its objectives.

1. New business events

  • New business form: Number of visits, submits and successes
  • Track what page(s) are driving the most new biz submissions / what content influences people to submit
  • What channels (e.g. social, newsletter, referring sites) drive submissions

2. Career events

  • Job application form: number of visits, submits and successes
  • What channels (e.g. social, newsletter)/websites are driving applications

3. Engagement events

  • Clicks: all clicks to outbound links
  • Expands: expansion of content
  • Scroll tracking: what percent of visitors scroll to 25%, 50%, 75% or 100% of the page

3. Audience Segments

We wanted to view website data through the lens of different audiences to hone in on behaviors — who is doing what and why. Here’s a list of audience segments we set up:

  • Engagers: Users who clicked an outbound link or expanded content
  • Non-Engagers: Users who did not click a link or expand content
  • Converters: Users with at least one goal completion
  • Non-Converters: Users with less than one goal completion
  • Organic Traffic: Users who were referred from a search engine (Google, Bing, etc.)
  • Social Traffic: Users who were referred from a social media channel
  • Email Traffic: Users who were referred by email (our newsletter)
  • Blog traffic: Users who were referred by the Ueno blog

Segmenting the audience lets us filter information such as:

  • How does traffic from the email channel behave differently from traffic from the blog?
  • What actions from converters are contributing to conversion?

Are you thinking about setting up analytics for your own company or agency? Here are a few tips based on our experience.

  • Start simple. It might be appealing to gather ALL the information, but it can also be overwhelming. Establish two or three goals to start, and focus on learning as much as you can about what contributes to those goals. Build from there.
  • Enlist help. Even though I had a good sense of what we wanted to achieve, we hired an expert GA consultant to help. It was great to have someone confirm or challenge my ideas, share his experience from working on GA setup for other clients, and help with technical implementation.
  • Keep iterating. Setting up your analytics isn’t a one-and-done process. The first phase will establish a baseline, but you may quickly discover that there’s more you want to know. And as your website grows, make sure new pages are tagged.
  • Don’t forget to block your IP address. You can blacklist visits from your company’s IP address so internal traffic data doesn’t muddy your data.

We’re using the data from GA to establish a performance baseline, so we can measure the impact of any changes to the site.

We’ll keep you posted.

-Posted by Elizabeth Donovan-