The product managers guide for getting yes from legal & privacy

A framework that makes your legal and privacy department your allies

Most of us have been there, excited for this new great feature that users will love. Designers are with you, engineering is confident in their estimation, and even the executives think it’s a good move.

In all this excitement you forget that little detail of clearing the concept with legal. As soon the team is closing into putting it to production the legal team appears like a wild pokemon.

So below is my framework and to ensure that the legal department is on board and an extension of your product team.

Steps

  1. Prepare feature information packet (description on this is below)
  2. Book meeting and attach information packet
  3. Present, listen and iterate the concept

The focus is to listen to what makes sense, understanding what legal sees as business risks and whether is to be mitigated or accepted by your executives.

The feature information package

Description of the complete product

Example: The HRBox is a complete SaaS-tool for your HR organization to collect, handle and take action on employee complaints. It is a product aimed to help organizations to collect, follow up and take action.

Description about this feature and how it fits in with the complete product

Example: We want to develop a search function in HRBox to enable our admin users to search for all complaints in one go. This will make it easy to find them no matter the amount of time span.

Concept visualization of the flow

Example created in Whimsical

User flow

Data list and description

  • What data will be shown to the user
  • What data will be created and stored from the user
  • What data will be created by user 1 and then shown to user 2
  • Where will data be stored?
  • How long will the data be stored?
  • Who will have access to the data?
  • How do they get access to the data?
  • What data will be used for analytics without opt-in?

If yes, what are the use cases for the analytics? what is the insight you want to get?

  • What data will be used for analytics with opt-in?

If yes, what are the use cases for the analytics? what is the insight you want to get?

Simplified solution architecture (focus on where data comes from, what tools are used (sub-processors)

Download the data list here: https://docs.google.com/spreadsheets/d/1bge9JJPYeEkYN8J7tcFGxGF5rIHYFaq55sCl2CActPw/edit?usp=sharing

Present, listen and iterate the concept

Present your feature and focus on what value it will bring to the company.

Do not try to be a lawyer yourself because you read some articles about privacy law.

During the meeting, you should focus on listening and documenting down what the legal team focuses on. What are they worried about? What makes them want to say no to your fantastic feature?

Do not take any hasty decision in the meeting even if the legal team allows you to do it. Take back the information and iterate on your concept and data list.

Finalize and get signoff

Once the iterations are done, you send it to the legal team to do their evaluation and last mentions. They will advise next steps where you either home free or having to ask your risk manager for approval.

and there you go, your feature can now be built!

Product manager @ Securitas Intelligent services