🎉 UserExperior is now part of DevRev  |  Learn more
Balancing GDPR and Product Management: How to Navigate Tough Decisions as a PM
Product Management

Balancing GDPR and Product Management: How to Navigate Tough Decisions as a PM

Bipin VK
 min read
Schedule a Demo

As a product manager, you would have to make tough product decisions due to external circumstances. The path would be even tougher if there are no prior examples from other companies you could reference to garner buy-in from business stakeholders.

One of the toughest battles I have had to face was helping companies become GDPR-compliant. In May 2018, the European Union General Data Protection Regulation (EU GDPR) was created to regulate the collection and use of personal data by companies. By now, you would have seen headlines and stories of large fines imposed on Google, Meta, and Amazon. Failing to abide by GDPR could cause companies to incur a fine of $20 million or 4% of their global annual revenue.

This regulation has created a fantastic case study of how PMs have to make product decisions that are unpopular or even seem contrary, to business. First, it is an external factor (i.e. EU regulation) almost completely outside companies’ control, except whether and how they are going to be compliant. Second, PMs would have to prioritize trade-off decisions/changes to the business model, systems setup, and/or workflows. Thirdly, PMs have to convince different stakeholders with conflicting KPIs and agendas to come together and make the necessary changes for long-term business viability.

In hindsight, the most helpful in helping me make decisions and convince internal stakeholders: 

  • Quickly establishing a baseline understanding of how this would affect the business, internal and external users, and the business’ risk appetite
  • Using empathy to drive strategic communications
  • Qualitative and quantitative analytics to build the business case
  • Leverage the influence of other stakeholders to build the case

To do so, we have to determine how GDPR, would affect the:

  • Business model in terms of revenue, cost, and profitability; 
  • External users (e.g. customers, partners); 
  • Internal stakeholders (e.g. marketing, customer support, engineering); and
  • The likelihood of enforcement/occurrence of it in our business

Think about the business model and stakeholders

Business Models: The business will need to build new processes and systems to be compliant and this is likely to incur costs and man hours. Furthermore, should one of the existing revenue streams come from monetizing users’ data, such compliance measures are likely to restrict the volume and variety of personal data available and negatively impact revenue potential. You will need to understand the legal principles and work with internal stakeholders (legal, customer support, sales team) to find out their risk appetite and potential solutions to mitigate the negative impact.

External Users: Think in terms of how this will impact the users’ core experience when interacting with the product. For example, users on a social media platform are more likely to generate more personal data and may demand more in terms of privacy controls compared to when they are using a streaming platform. It’s best to speak to users to get a full understanding as it will help you scope features and plan the product roadmap.

Internal Users: Think in terms of how this will change the current work process and impact their key performance metrics, and how you would communicate this to them

Using empathy to drive strategic communication

Thinking through these questions before engaging different stakeholders will enable PMs to communicate more effectively, allowing you to gather meaningful insights, align on how success looks like and address concerns without causing unnecessary worries. 

To the Customer Support team, who needs to interact with customers, you might want to say 

“I understand that this is likely to result in the team having to support customers on questions and requests on personal data. How does this affect your team’s key metrics and how do you think we can collaborate to make this success?

To the Sales team, whose role depends on monetising data, you might want to say

“Can you walk me through the current sales process and key metrics so that we can figure out ways where we can mitigate the impact from the new regulations?”

It is important to note that at this stage, the stakeholders are expressing their concerns and ideas from their perspective. A PM’s job is to synthesize insights from different perspectives and manage discussions on why and how trade offs will have to be made. This will help everyone to see from different perspectives so that success can be defined from an organizational-wide level. I would also advise 2 tips here:

  1. Do not jump into solutioning or any promises in the early stage as more changes are likely as more information is uncovered. Instead focus on what are the right metrics to prioritized and guiding principles to deciding trade offs between different metrics. 
  2. Start a periodic cadence of one-on-one meetings and weekly emails so that you can promptly share new information, decisions made and why. While stakeholders may not appreciate the uncertainty, they will surely appreciate you keeping them in the loop.

Using qualitative and quantitative analytics

There are 2 kinds of analytics that you can leverage on to ensure that you are making improvement in a measurable manner. First is user flows (external) or process workflows (internal) where you can try to assess usability. This helps you to visualize what users are going through when they go about their daily tasks. Second revolves around the utilization of product and operational costs incurred to support the product. Here are some examples

Qualitative Analytics: A workflow for users to exercise their right to deletion

  1. Customer raising a support ticket to the customer support requesting for deletion of account
  2. A Customer Support agent to acknowledge the ticket and conduct necessary email verification
  3. Back-and-fro correspondence until the verification is completed
  4. Customer Support agent to delete user’s data and inform user within 30 days

Quantitative Analytics:

  1. User satisfaction of the current process
  2. Total daily/weekly/monthly support tickets 
  3. Total cost of Customer Support agents required to ensure that all tickets are resolved within service level agreement 

By using a combination of the above, you can assess the importance, the value of the improvement(s) and the trade offs to be made for both external and internal users to guide your product decisions. For example, a calculation of the projected cost to scale the Customer Support team could reveal that it is not economically viable to retain existing workflows as the volume of support tickets would increase progressively as the user base grows. Therefore, the company may look to change the workflow and leverage a self-service workflow instead to save costs in the long run.

Leverage on the influence of other stakeholders

After you have made the decisions, it is necessary to check in with key decision makers or influential stakeholders early to get their feedback so that you can address their concerns and course-correct in time. Here are some of the characteristics of the stakeholders that you should engage.

  • Have a vested interest in the project
  • Key decision maker
  • Have influence over other team members

It is also important to err on the side of over-communication and be transparent during the entire product development process. This is especially so when the trade-offs decisions are expected to negatively impact other teams. From personal experience, stakeholders are mostly able to tolerate bad news. What ruins relationships are when information is deliberately withheld until the very last minute, making things worse than they already are. Being transparent helps build trust in relationships and it’s easier to get people to advocate for you when they can trust you.

When executed well, you could get support from them to help influence and get buy-in from the rest of the organization. While PMs should be accountable for product decisions, it doesn’t mean that we should be the only ones seen advocating for decisions made. Having the right stakeholders advocate for you will increase the credibility and effectiveness of you as a product manager.

Closing Notes

I hope that these tips will be helpful to you in making tough product decisions when there are no easy answers. No decisions will be perfect and there will always be tradeoffs that have to be made. I would argue that great PMs are those who have a strong understanding of the business fundamentals and are able to drive cross-functional collaboration to facilitate good decision making by encouraging transparency and empathy for different stakeholders.





Create a more beautiful
user experience

Schedule a 30-minute demo to learn how UserExperior can help you
visualize critical issues on your app and correct them faster.

Related Posts

UserExperior Technologies LLC
2033 Gateway Place, 5th Floor
San Jose, CA 95110
UserExperior has successfully completed a System and Organization Controls (SOC) 2 Type 2 audit, performed by Sensiba San Filippo, LLP (SSF).
Information Security Management System of UserExperior Pvt Ltd has been assessed and found to conform to the requirements of ISO/IEC 27001:2013.

Privacy & Security | Terms & Conditions | GDPR