The ICO exists to empower you through information.

You’re almost ready to share your work with the world. Before you do, check you’ve addressed any lingering privacy issues.

Check carefully before release

Are you confident you have mitigated any privacy risks identified in earlier stages? Unresolved concerns can lead to legal risks and harm customers’ confidence.

  • You should check with legal, data protection, and other senior stakeholders that they are happy for your product or feature to launch.
  • If you are unsure whether people’s privacy needs are fully met, you could conduct a round of usability testing focusing on privacy, to assess your solutions (see Research).
  • Bugs are often dangerous sources of privacy issues. You should run regression tests to check whether the new feature has broken old code.
  • As you launch to live environments, you should remove or replace test or staging data.





Factor privacy into rollout plans

If you have a launch checklist, a few points about privacy could save a lot of trouble after launch:

  • You should plan what to do if something goes wrong. Do you have a rollback strategy, or another way to fix problematic code? If you face an issue that affects people’s access to personal information, your organisation must ensure this access is restored in a timely manner.
  • To help respond to new customer feedback and privacy-related questions, you could inform your customer support team of changes you’ve made before launch.
  • How will you get early warning of any privacy issues once you launch? You could look, for example, for evidence of younger people accessing the feature, reports of harm, or analytics that suggest people are accessing reporting or support interactions. If this analysis involves storing information on a user’s device, or accessing information stored on a user’s device, you must obtain consent for this analysis.


The makers of a dieting app are launching a new integration with a fitness app run by a partner company. The project team makes plans to monitor customer feedback on forums for three months after launch, and to track data on how many people choose to use the feature.

  • You should build in some time after launch to identify and fix any issues that emerge.

Tell people what to expect

Under UK GDPR, people have the right to be informed about how their personal information is processed. For example, if your new product or feature affects how you collect or use personal information, you must provide clear and understandable information on these changes.

  • To explain the privacy aspects of new features, you could use product marketing, release notes, or in-app communications. Describing the protections you’ve put in place helps ease people’s concerns, leading to greater trust and adoption.
  • You could also tell people of any new behaviours you recommend they adopt to reduce the risk of future privacy problems, such as enhanced password management practices.



Previous: Development | Next: Post-launch