How to make privacy policies both GDPR-compliant and usable

Karen Renaud, Lynsay Shepherd

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

11 Citations (Scopus)


It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.
Original languageEnglish
Title of host publication2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Place of PublicationPiscataway, New Jersey
Number of pages8
ISBN (Electronic)978-1-5386-4565-9
ISBN (Print)978-1-5386-4566-6
Publication statusPublished - 29 Nov 2018
EventCyber Science 2018 - Glasgow, United Kingdom
Duration: 11 Jun 201812 Jun 2018


ConferenceCyber Science 2018
Abbreviated titleCybser SA 2018
Country/TerritoryUnited Kingdom
Internet address


  • privacy
  • guidelines
  • usability
  • companies
  • design methodology
  • data privacy
  • data protection


Dive into the research topics of 'How to make privacy policies both GDPR-compliant and usable'. Together they form a unique fingerprint.

Cite this