UX implications – EU General Data Protection Regulation

I'm struggling to find any UX-specific guidance on the impact of GDPR - the new EU data protection regulation - coming into force May 2018.

From the reading I have done so far, I've identified use-scenarios such as:

  • consent to be expressed by clear affirmative action ("Silence, pre-ticked boxes or inactivity," however, is presumed inadequate to confer consent). I understand use of cookies, device IDs will be in scope

  • users have the right to withdraw consent at any time and “it shall be as easy to withdraw consent as to give it.”

  • the right of users to opt-out of their data being used for profiling (use of personal data to analyse or predict people’s performance, behaviour, situation, interests, location or movements)

  • right to be erased

  • right to portability

  • right to request data stored on user

Could anyone point to further reading or thoughts on how these changes will be solved for in terms of UI? At a basic level, for example, would the standard pattern for a cookie notification need to change, how might you make consent "as easy to withdraw consent as to give it"

Welcome thoughts from the community