GDPR StepWise – Digital Product Policy
Purpose
This policy defines how the GDPR StepWise digital product is designed, delivered, governed, and continuously improved. It ensures the product remains compliant, secure, user‑centric, and commercially sustainable while supporting SMEs in achieving GDPR compliance.
Scope
This policy applies to:
- The GDPR StepWise page, product, tools, templates, and supporting content
- All internal team members, contractors, and partners involved in delivery
- Clients using GDPR StepWise as a self‑serve, done-for-you or guided compliance solution
Product Overview
GDPR StepWise is a modular, step‑by‑step digital compliance product enabling SMEs to progress toward
GDPR compliance in a structured, affordable, and practical way.
Core principles:
- Modular and scalable
- Plain‑English compliance
- SME‑friendly pricing and delivery
- GDPR by design and by default
Product Ownership & Governance
Product Owner: Structured PM Ltd
Accountability: Overall product direction, compliance integrity, and client outcomes
Decision Rights: Product roadmap, feature prioritisation, pricing, and content updates
Escalation: Legal, data protection, or security risks escalated to senior management immediately
Delivery & Change Management
Product enhancements follow a controlled, incremental release model.
Changes are prioritised based on:
- Regulatory impact
- Client risk reduction
- Usability and clarity
Material changes are documented and version‑controlled. Clients are informed of significant updates where relevant.
Data Protection & Privacy
GDPR StepWise is built in line with GDPR principles:
- Lawfulness, fairness, and transparency
- Data minimisation
- Purpose limitation
- Storage limitation
- Integrity and confidentiality
Personal data processed through GDPR StepWise:
- Is limited to what is strictly necessary
- Is protected through appropriate technical and organisational measures
- Is never repurposed without a lawful basis
Security & Access Control
Role‑based access to product systems and data
Secure storage of templates and client information
Regular reviews of access permissions
Prompt revocation of access for off‑boarded users or partners
Quality Assurance
All templates and guidance are reviewed for:
Legal accuracy
Practical applicability for SMEs
Consistency with ICO and GDPR expectations
Updates are tested for clarity and usability before release
Client Responsibilities
Clients using GDPR StepWise are responsible for:
- Providing accurate and complete information
- Implementing guidance appropriately within their organisation
- Seeking tailored legal advice where required
GDPR StepWise provides structured guidance, not legal representation.
Product Lifecycle Management
Launch: Controlled release with defined scope
Operate: Ongoing support, maintenance, and updates
Improve: Continuous refinement based on feedback and regulatory change
Retire: Planned deprecation of outdated modules or content
Metrics & Success Measures
Product performance is measured through:
- Client adoption and completion rates
- Reduction in client compliance gaps
- Client satisfaction and feedback
- Regulatory alignment and audit readiness
Review & Maintenance
This policy is reviewed:
- At least annually
- Following significant regulatory change
- When material product changes are introduced
Owner: Structured PM Ltd
Version: 1.0
Last Review: 29/12/2025
By: Tiago Lourenco - founder of Structured PM & creator of GDPR StepWise