The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal concern for technologies. This paper seeks to understand how to make emerging European data protection regulations more accessible to our community. Our approach develops and tests a series of data protection ideation cards with teams of designers. We find that, whilst wishing to protect users, regulation is viewed as a compliance issue. Subsequently we argue for the use of instruments, such as our cards, as a means to engage designers in leading a human-centered approach to regulation.