PM Privacy Products
(2026 Edition)
5 principles and 5 metrics for privacy-conscious PMs.
5 Principles
Data minimisation — collect only what you need for the job
Purpose limitation — don't reuse data across unrelated purposes
Consent is a UX problem, not just legal — make it honest and specific
DSR (data subject request) flows — export, delete, rectify, portability
Privacy reviews on every feature — shift left to avoid rewrites
5 Metrics
DSR fulfilment SLA (typically 30–45 days by law)
Consent opt-in rate per surface
Data retention compliance — how much expired data is still stored?
Privacy incident count and severity
Time-to-privacy-review for new features
FAQ
What does India's DPDP Act change for product teams?
Formal consent requirements, DSR fulfilment SLAs, and penalties up to INR 250 crore for major breaches. Products built pre-DPDP often need consent flow rework, data retention policies, and DSR endpoints. Treat DPDP as a cross-functional project with eng, legal, and product jointly owning compliance.