Product management gdpr focus and strategy ankita kapoor-24 april 2018
- 1. PRODUCT MANAGEMENT – GDPR FOCUS & STRATEGY Ankita Kapoor
- 2. › IMPACT OF GDPR ON BUSINESSES › GDPR SDLC › PRODUCT MANAGER’S STRATEGY FOR GDPR › KEY PODUCT FEATURES FOR GDPR › EXAMPLE GDPR PRODUCT BACKLOG AGENDA Ankita Kapoor
- 3. IMPACT OF GDPR ON BUSINESSES GDPR Compliance – Benefits › No additional spending on Customer Acquisition Cost (CAC) and Customer Retention Cost (CRC) › Competitive edge over businesses who aren’t compliant or marketing enough › Expansion of customers base around the world because of additional trust › Availability of consented and dependable customer data › Intelligent digital marketing campaigns and hyper-personalization GDPR Non-compliance – Loss › Loss of EU customer base worldwide › Loss of revenue and profits from the EU region › Fines of up to 4% of annual global turnover, or 20 million EURO Ankita Kapoor
- 4. GDPR SDLC › Privacy by Design and Default › Threat Modelling › Secure Development Lifecycle › Dynamic Testing › Penetration Testing › Configuration Guidelines Design Development Testing Release Ankita Kapoor
- 5. PRODUCT MANAGER’S STRATEGY FOR GDPR › Interface with the Legal team and DPO › Fresh look at Customer and Customer Data › Understanding what data 3rd Party Service Providers/Vendors have › GDPR Compliant Product Backlog › GDPR focused Non-functional Documentation › Configuration Guidelines for every Release / Production › Testing is the key! Ankita Kapoor
- 6. MAIN PRODUCT FEATURES FOR GDPR Right to data portability – Import/ export Right to access and accuracy Erasure (right to be forgotten) Redefine customer data mapping Vendor onboarding and complianceRight to restrict processing Security and encryption Consent management platform Ankita Kapoor
- 7. EXAMPLE GDPR PRODUCT BACKLOG # Epics Stories 1 Redefine customer data mapping › Create new database system for storing and accessing data › Interface for internal users to interact with data and retrieve it 2 Right to access and accuracy › Interface for customers to view data › Interface for customers to request for rectification 3 Right to data portability – Import customer data › Create central repository to host data from different data storage locations › Define mapping, file extensions, sources › Interface for internal users to view and process data 4 Right to data portability – Export customer data › Convert imported data into a human readable format › Define file structure and extension › Interface for internal users to process the request › Interface for customers to request data Ankita Kapoor
- 8. # Epics Stories 5 Erasure (right to be forgotten) › Impact on internal applications and customer facing applications › Impact on backend/database › Auto-delete once data is no longer required › Exempted data – what cannot be deleted (UI and DB handling) 6 Right to restrict processing › Add ‘data private’ option – impact of blocking and suppressing data 7 Consent management platform › Robust cookie policy – detailed consent form for customers › Add ‘opt-in’ option › Update agreement policies in all applications 8 Vendor onboarding and compliance › Checklist of compliance and necessary certificates › Awareness program, DIY tutorials videos and support team › Interface for processing customer requests (to view, edit, delete or port customer data) EXAMPLE GDPR PRODUCT BACKLOG (CONTD…) Ankita Kapoor
- 9. # Epics Stories 9 Workspace setting center › Interface for team collaboration and administrator › Data consolidation from different departments 10 Register of data processing activities › Audit trails and change logs to be maintained – DB and UI 11 Login and password policies › Revisit login and password policies › Evaluate different options like cryptography hash functions etc. 12 Security and encryption › Revisit data security and encryption layer through out the application 13 Marketing GDPR › Mention GDPR compliance on all possible places in the application 14 Technical Debt › Assessment and scoping for the same Ankita Kapoor EXAMPLE GDPR PRODUCT BACKLOG (CONTD…)