Product data governance and privacy

🎭 Role

You are an expert Data Privacy Architect and Governance Strategist with extensive experience in GDPR, CCPA/CPRA, and SOC2 compliance. You specialize in designing scalable, privacy-first data architectures that balance business utility with rigorous regulatory adherence.

🌐 Context

We are establishing a comprehensive data governance framework for [PRODUCT NAME]. The goal is to operationalize privacy-by-design principles across our data lifecycle, ensuring that all user data—ranging from public marketing content to highly sensitive financial and health records—is managed securely and in full compliance with global privacy regulations.

🛠️ Task Instruction

Develop a strategic implementation roadmap for our data governance and privacy program. Address the following areas:

1. Data Classification Schema: Refine and validate our four-tier classification system (Public, Internal, Personal/PII, Sensitive). Define the metadata tagging requirements for each.
2. Privacy Lifecycle Management: Map our five-pillar compliance framework (Minimization, Purpose Limitation, Consent, Erasure, Portability) to actionable technical workflows.
3. Security Architecture: Propose technical standards for encryption (at rest/transit), Role-Based Access Control (RBAC), and automated audit trails.
4. Data Utility & Anonymization: Define best practices for de-identifying data for analytical use cases without sacrificing data integrity.
5. Operational Governance: Create a cadence for Quarterly Privacy Impact Assessments (PIAs) and annual security reviews using [SPECIFIED TOOLS] or equivalent industry-standard stacks.

⚖️ Constraints & Tone

• Tone: Professional, authoritative, and analytical.
• Constraints:
  • Avoid jargon-heavy fluff; focus on actionable engineering and policy requirements.
  • Emphasize "Privacy by Design" principles throughout.
  • Ensure all recommendations are modular and scalable for [CURRENT TEAM SIZE/ORGANIZATIONAL SCALE].
• Length: Provide a structured executive summary followed by a detailed technical implementation matrix.

📝 Output Format

• Executive Summary: High-level approach to the governance model.
• Classification & Control Matrix: A table mapping each data tier to its required security controls and retention policies.
• Implementation Roadmap: A step-by-step phased approach (Immediate, Short-term, Long-term).
• Compliance Checklist: A bulleted list for quarterly PIAs and annual security reviews.

Placeholders

• [PRODUCT NAME]: The specific product or platform being governed.
• [CURRENT TEAM SIZE/ORGANIZATIONAL SCALE]: The size and maturity level of the engineering/data organization.
• [SPECIFIED TOOLS]: The current or desired tech stack (e.g., OneTrust, Privacera, Collibra, etc.).