💽

Data Erasure Requests Automation System

Expertise
UI design
Responsive Web
Created
Apr 1, 2023
Tools
Figma
Miro
👀
My role in the project at a glance
As the UX/UI Designer on this project, I was responsible for creating an interface that would streamline the process of handling data erasure requests. I worked closely with Privacy Officers to understand their workflow, needs and challenges. Throughout the project, I conducted user research, created user flows, and developed wireframes that evolved into high-fidelity mock-ups through iterative feedback sessions.

Context

Individuals have the right to request the deletion of their personal data—known as the 'right to erasure' or 'right to be forgotten'. Organizations must comply unless legal exemptions apply and are required to notify third parties that received the data. This process is often complex and involves coordination across multiple departments, making it time-consuming. At the company I worked with, Privacy Officers struggled to manage these requests efficiently, prompting us to explore a digital solution to streamline the process.
 

Problem

When companies receive data erasure requests, they must follow established processes to handle them appropriately. In the company, the existing process was inefficient due to several manual steps:
  • Privacy Officers had to contact the HR department to obtain basic data about the individual who requested data erasure
  • Privacy Officers had to manually forward that information to another department, which contacted the data subject to verify their identity
  • They had to manually check local data retention requirements to determine what data could be deleted and when
  • Finally, they needed to identify which systems stored the data and coordinate with the various system owners (e.g., HR system administrators) to execute the deletion
This manual approach at every stage made the process extremely time-consuming and inefficient, leading to reduced productivity of Privacy Officers.

Solution

To address these challenges, the company initiated a project to develop a digital solution that would streamline the data erasure request process. The goal was to create a comprehensive platform that would automate many of the manual tasks, improve workflow efficiency, and provide Privacy Officers with the tools they need to handle requests more effectively.
 

Discovery

UX Research

Upon joining the project, I conducted UX research to understand user needs and pain points. Through multiple sessions and interviews with Privacy Officers, I identified key challenges including time-consuming manual actions on various stages of processing data subject requests.
The research uncovered several key challenges in handling data erasure requests. Privacy Officers spent significant time manually gathering data from multiple systems, verifying information across different sources, and reviewing documentation to make erasure decisions. Working closely with the Product Owner, Privacy Officers and legal teams, we agreed on core principles for the system, with data minimization being paramount: users would only see the information relevant at each step of their journey, which improves both security and usability.

User stories

Based on insights gathered during the discovery phase, I created user stories to capture key requirements and functionalities needed by Privacy Officers. These user stories provided the foundation for designing a solution that effectively addressed the needs identified during research.
 

User Flows

I created detailed user flows to map out the key interactions and system behaviors, which served as the foundation for the subsequent design phases and ensured a logical, user-centered approach to the solution.
 
Scenario 1
As a user, I want to easily retrieve basic Data Subject information and share it with the global team so that they can verify the Data Subject's identity.
 
Scenario 2
As a user, I want to access comprehensive information about an identified Data Subject so that I can decide what data can be deleted and determine which system owners need to be contacted for data erasure.

Design

Mid-fidelity wireframes

After finalizing the user flows, I moved forward with creating mid-fidelity mockups. These mockups served as visual representations of the proposed design and were iteratively refined through feedback sessions with end-users. Throughout the design process, we maintained our focus on data privacy and security by ensuring that information would only be revealed at appropriate stages of the user journey.
 
Regular user view
Regular users can efficiently search and filter basic information about data subjects. After identifying the correct person based on the limited information, users can click on the selected row to access more detailed information needed for data subject verification.
 
 
Admin views
Users with admin permissions can access an additional section where they can review search history, including when and what information was searched by other users. Admins can also manage system access permissions and review access history to see who has been granted access to the system.
 
 

Style Guide

To ensure a consistent appearance, this project was built on our company's established design system, which provided a robust foundation for the interface design.
 
The key style guides utilized included:
  • Typography system with specified hierarchy
  • Color palette, including primary and secondary colors, along with specific use cases
  • Standardized icon library
  • Pre-built UI components
  • Grid system and spacing guidelines
 

High fidelity

Based on the information provided by the data subject, the privacy specialist performs a search in the system. The search interface displays the list of data fields and information needed at this stage of the process. The system shows only the essential details required for identification, adhering to data minimization principles while enabling efficient processing of the request. Additional filters narrow the search when it returns a high volume of results.
 
 
Based on the initial information, privacy specialists can share relevant data with another specialist who verifies the data subject's identity. The system provides a copy function that lets specialists copy exactly the data fields needed for verification. This data can then be securely shared through existing internal communication channels. In future iterations, the system will enable direct information sharing through the DSR Automation platform, eliminating the need for external communication channels and further streamlining the verification process.
 
 
Once the data subject's identity is verified, the privacy specialist can proceed with data erasure actions.
  1. Through the report enrichment process, the system provides recommendations about which data can be erased based on retention requirements and applicable laws.
  2. The privacy specialist can view the comprehensive information, and the additional recommendations facilitate the decision-making process.
  3. As a next step, the privacy specialist must contact system owners through existing communication channels to request data deletion.
In future iterations, the platform will enable direct communication with system owners through automated deletion requests, further streamlining the process and reducing manual coordination efforts.
 
 
Privacy Officers can access and review generated reports for up to 14 days after creation. After this period, the data is automatically deleted from the system in accordance with data minimization principles. To enhance workflow efficiency, Privacy Officers can pin important reports for quick access, and sort reports based on different parameters. The system also maintains a clear overview of all active requests, helping Privacy Officers track progress and manage deadlines effectively.
 
 
The Admin interface includes a 'Members History' tab that provides detailed oversight of user activities. Administrators can view a comprehensive log of all search queries performed by users including the specific search terms entered and whether the searches yielded any results. The system maintains a detailed record of each user's search patterns, timestamps of searches, and the types of data accessed.
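To make the data-minimization search, the 14-day report retention and the admin search audit log described above concrete, here is an added Python sketch; it is not the company's code, and every record, user name and report id in it is constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample HR records (not real people); a deployment would query the source systems.
SUBJECTS = [
    {"id": "S-1", "first_name": "Ana", "last_name": "Kowalski", "country": "PL",
     "date_of_birth": "1988-03-04", "salary": 72000},
    {"id": "S-2", "first_name": "Jan", "last_name": "Kowalski", "country": "DE",
     "date_of_birth": "1975-11-20", "salary": 65000},
    {"id": "S-3", "first_name": "Maria", "last_name": "Silva", "country": "PT",
     "date_of_birth": "1992-07-15", "salary": 58000},
]
# Data minimization: the search stage reveals only what is needed to pick the right person.
SEARCH_FIELDS = ("id", "first_name", "last_name", "country")
REPORT_RETENTION = timedelta(days=14)  # generated reports are purged after this period
T0 = datetime(2023, 4, 1, tzinfo=timezone.utc)  # constructed reference time


@dataclass
class AuditEntry:
    user: str          # who searched
    term: str          # the exact search term entered
    at: datetime       # when
    had_results: bool  # whether the search yielded any results


@dataclass
class ErasureSystem:
    audit_log: list = field(default_factory=list)
    reports: dict = field(default_factory=dict)  # report_id -> creation time

    def search(self, user: str, term: str, now: datetime) -> list:
        """Case-insensitive name search; every query is logged for the 'Members History' tab."""
        needle = term.lower()
        hits = [{k: s[k] for k in SEARCH_FIELDS} for s in SUBJECTS
                if needle in f"{s['first_name']} {s['last_name']}".lower()]
        self.audit_log.append(AuditEntry(user, term, now, bool(hits)))
        return hits

    def create_report(self, report_id: str, now: datetime) -> None:
        self.reports[report_id] = now

    def purge_expired(self, now: datetime) -> list:
        """Delete reports older than the retention window; returns the ids removed."""
        expired = [r for r, t in self.reports.items() if now - t >= REPORT_RETENTION]
        for r in expired:
            del self.reports[r]
        return expired
```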
 

Reflections

I gained valuable experience in designing complex business systems. The biggest challenge lay in balancing comprehensive functionality with a clean, intuitive interface.
One of the key learnings was the importance of data minimization in privacy-focused applications. Every piece of information displayed needed to serve a specific purpose, which pushed me to be extremely intentional with the design decisions. The project also highlighted the value of breaking down complex workflows into manageable steps.
This project was incredibly rewarding as it allowed me to tackle real business challenges where digital solutions could make a tangible difference. By addressing inefficiencies, we helped Privacy Officers save countless hours on manual tasks.
 

Thank you for your time! 👀
