UX implications – EU General Data Protection Regulation

I'm struggling to find any UX-specific guidance on the impact of GDPR - the new EU data protection regulation - coming into force May 2018.

From the reading I have done so far, I've identified use-scenarios such as:

consent to be expressed by clear affirmative action ("Silence, pre-ticked boxes or inactivity," however, is presumed inadequate to confer consent). I understand use of cookies, device IDs will be in scope
users have the right to withdraw consent at any time and “it shall be as easy to withdraw consent as to give it.”
the right of users to opt-out of their data being used for profiling (use of personal data to analyse or predict people’s performance, behaviour, situation, interests, location or movements)
right to be erased
right to portability
right to request data stored on user

Could anyone point to further reading or thoughts on how these changes will be solved for in terms of UI? At a basic level, for example, would the standard pattern for a cookie notification need to change, how might you make consent "as easy to withdraw consent as to give it"

Welcome thoughts from the community

Tags: UX Stack Exchange

UX in 2018: The human element

Three Takeaways from the Hawai’i Missile False Alarm

UX in 2018: Content

UX in 2018: Design, Development, and Accessibility

The Power and Danger of Persuasive Design

UX implications – EU General Data Protection Regulation

Related Posts