
THE STATE DATA PROTECTION INSPECTORATE OF LITHUANIA
Designing a national data protection system in two months
The State Data Protection Inspectorate of Lithuania set out to digitise its paper-based workflows and needed a clear, functional system architecture to manage personal data oversight across the country. With only two months allocated for the design phase, we aimed to define the backbone of a new, scalable digital system that could support long-term growth while addressing immediate legal and operational needs.
With such high stakes, we focused on making low/mid-fidelity wireframes and information architecture crystal clear. Moving from paper to digital is risky, and UX has the power to make or break a digitisation effort, so our design foundation had to be solid from day one.
The challenge
The timeframe was tight: we had to design the structure of an entire system that would handle everything from data breaches and complaints to monitoring and audits. To stay focused, we worked exclusively in low/mid-fidelity—intentionally prioritising usability and clarity over visual design. That allowed us to map complex legal and compliance processes without losing time to pixel-level decisions. We also had to make careful trade-offs, focusing on core workflows while deferring secondary features for future development.
The process
Weekly workshops and rapid wireframing
We facilitated weekly cross-disciplinary workshops with internal stakeholders (data officers, legal experts, IT staff) to break down each workflow, define system roles and review the wireframes. After each workshop, we turned the team’s input into rough wireframes and an information architecture map, focusing purely on structure and function. Using mid-fidelity sketches let us test ideas quickly – we could get rapid feedback on our core layout without getting bogged down in design details.


Validating information architecture and key features
We ran targeted usability sessions to validate the system’s information architecture and test the most critical features we had designed. To deepen the insights, we analyzed heatmaps and clickmaps generated during testing—these visual data points helped pinpoint areas of confusion, missed expectations, and unused interface elements.
This steady rhythm—weekly co-creation, monthly testing—created a sustainable, feedback-driven process. Staying in mid-fidelity meant we could adjust and refine designs without delay when something wasn’t working. It allowed us to progress quickly while keeping users at the center of each decision.
Risk segmentation of data controllers
One of the most impactful solutions during the design phase was introducing risk segmentation of data controllers. Instead of treating all data controllers the same, we designed a flexible system that grouped them into risk-based segments based on criteria such as volume of personal data processed, prior violations, or organisational type. This segmentation allowed the Inspectorate to prioritise audits more intelligently, focusing first on high-risk entities; to streamline workflows by assigning automated audit triggers or alerts to specific segments; and to visualise oversight priorities using dashboards that highlighted risk distribution across sectors.


Despite the short timeframe, we delivered a strong and test-validated foundation for the Inspectorate’s users. Key outcomes included:
- A complete, scalable system ready for development.
- A tested and validated navigation model aligned with real user behavior.
- A working low-fidelity prototype covering core features and workflows.
- Strong internal alignment and buy-in from team members who had actively contributed to its creation.