Three GDPR concepts lend themselves particularly well to the work of designers wishing to give users better control of their data.
Any processing of personal data must be lawful and fair. Any information or communication relating to the processing of personal data must be easily accessible and easy to understand (plain language).
When necessary, consent should be given by a clear, voluntary and free act whereby the relevant data subject shows their agreement to the processing of their personal data in a specific, informed and unambiguous way.
Exercise of rights
Users affected by the processing of personal data have rights entitling them to keep control of such data. You need to indicate the existence of these rights and explain where, how and who to contact to exercise them in practical terms.
The ecosystem of personal data
… means any information used to directly identify (surname, first name, etc.) or indirectly identify (telephone number, IP address, etc.) a data subject.
… is an operation (or several) performed on personal data. This ranges from the simple collection of data to its transformation or even transfer.
… implements the processing by committing to its proper implementation and compliance with the law.