Article reporting on a study on the human-centered design of a GDPR-compliant data protection tool for data processors was accepted for publication in Behaviour & Information Technology

Our work entitled “Data Cart - Designing a tool for the GDPR-compliant handling of personal data by employees” by Jan Tolsdorf, Florian Dehling and Prof. Dr.-Ing. Luigi Lo Iacono has been accepted for publication in Behaviour & Information Technology under the special issue “Usable Security and Privacy with User-Centered Interventions and Transparency Mechanisms”.

The article addresses the issue of usable tools for the data protection compliant processing of personal data by employees acting under the authority of a data controller. We report on a user-centered design study in which we developed a concept and tool incorporating Privacy by Design. Working with 19 employees of two public organizations in Germany, we present a concept that supports employees in handling personal data and complying with data protection laws. Through a series of workshops and usability tests, we demonstrate the solution’s potential for improving the usability of data protection compliant tools for managing personal data. At the same time, we show how data controllers benefit from improved compliance.