Timeline
Role
Product Designer- Strategy/UX
Status
Tools & Research Methods
Team
2 Developers, 1 Product Owner, Sales Team, 1 Designer
Privacy Impact Assessment (PIA) is to identify and reduce privacy risks and increase compliance in companies.
They can benefit the company in
Data Collection Awareness→ (What personal data is being collected?)
Data Use → (How is the data being used?)
Risk Assessment → (What are the privacy risks?)
Mitigation Strategies → (How can these risks be minimized?)
Compliance Check → (Ensure adherence to legal standards)
And…., Compliance is Complex! Because….
Laws change frequently
Technology moves faster than laws
Every company is different
Balancing privacy with innovation is tricky
Mistakes are expensive
Global business meets local rules
In-order to keep up with the ever-changing laws, we need companies like Ardent Privacy to assist in privacy compliance.
Problems
Two Major Business Problems in Ardent
Current customers are unhappy with the product, leading to retention issues.
Inability to sign new clients because of lack of functionality.
Research Phase
Understand more about why the company is facing issues
P.S. It was not that easy
Major Challenge
The Challenge of Reaching Real Users
In a B2B company like Ardent, it was quite difficult to get in touch with real users directly like one can expect in a B2C company due to various factors like Confidentiality, Limited User Base and their Busy Schedules.
Leveraging the current customers and Sales Team to Gather User Insights
My approach to this challenge was to utilize the current customers and sales team to collect insights from customers. I attended calls with the sales team to identify paint points and ask the right questions. I also prepared a detailed research guide with essential questions for the sales team to ask in my absence, ensuring we gathered valuable information to improve the product.
UX Research Guide
User Groups
Now, More about the Users that use the product
Data Protection Officer
Privacy Reviewer
Business Owner
Research Methods
Two research methods I used to understand the problems
User Interviews
Purpose : To understand current customer’s paint points and fulfill their needs
Competitve Analysis
Purpose : To evaluate what the market offers and to strategize how to attract new clients
Qualitative Research
User Interviews
Purpose - Understand why the current users are facing difficulties with the product.
Participants - 5 Customers ( DPO, PR, Legal, IT Admin, BO)
Type- Open- Ended with Usability Testing
Duration - 45 min Call on Google Meet
Market Research
Competitive Analysis
Purpose - Understand the gaps between the current market needs and the product
Research Findings
Understanding the needs and pain points of Current and Future Users
From the research, it was evident that we are not at the stage where we want to be right now. It also helped me understand the gaps between the product and the market. Let’s see some major pain points
Problem Statement
A problem well-stated is a problem half solved
Ben is an overwhelmed and frustrated DPO who needs a simplified, centralized privacy assessment tool because current solutions are complex, time-consuming, and require manual data entry across multiple systems, leading to inefficiencies and potential errors/delays in compliance management.
Specific goals
Increase engagement
Decrease complexity
Get new clients
Key metrics
Customer Acquisition Rate
Time to Complete a PIA
Customer Satisfaction
Ideation Phase
Strategize and Bridge the gaps between users and the product
Ideation
Gathering Requirements for the Redesign
Purpose - Analyze the gaps from the research and bridge them through introducing new features/ improvements in the product.
Design Phase
Solve problems through designs
There are three Major Steps/ Stages involved in the Assessment Creation Workflow. Understanding and improvising each stage is crucial for this redesign.
Assessment Template Creation
The Inefficient and Time-Consuming process of Assessment creation
Our initial assessment template creation process was cumbersome and confusing. Users had to navigate through numerous unnecessary screens, leading to a disjointed and exhausting experience.
Specific issues included:
~ High drop-off rates due to a lack of intuitive navigation and control.
~ Excessive time required to complete template creation, reducing operational efficiency.
~ Lack of an import feature, leading to redundant data entry and potential errors.
No signifiers about what type of question it is, whether it is assignable or not, scored or not, screened or not. Every time the user has to click on the edit button to view the options.
No way of backing out/Cancelling the popup when creating a question
Not enough information for the users to take decisions. Makes it harder for the user to understand what certain labels mean.
NEW DESIGN - CREATE QUESTION
Intuitive Buttons allows the user to make quick decisions
NEW DESIGN - Import Question
Components
Laws
Filter by Laws
Filter by Laws
NIST Cybersecurity
BSI C5
CIS V8
MLPS
ISO 22301
Cyber Essentials UK
ENS
ISO 27001
ISO 27002(ISO 27001 Annex A)
ISO 27017
ISO 27018
TX_RAMP L1
FEDRAMP Tailored
FEDRAMP Moderate
HIPAA Security
IRAP
ISMAP
MAS
PCI-DSS 4.0
KFSI
SOC 2
NIST Cybersecurity
CCF ID
Filter by CCF ID
Filter by CCF ID
AM-01
AM-02
AM-03
AM-04
AM-05
AM-06
AM-07
AM-08
AM-09
AM-10
AM-11
AM-12
AM-13
BC-01
BC-01
BC-01
AM-01
AM-0..
CCF Domain
Filter by Domain
Filter by Domain
Asset Management
Backup Management
Business Continuity
Configuration Management
Change Management
Cryptgraphy
Customer Managed Security
Data Management
Entity Management
Identity and Access Management
Incident Response
Mobile Device Management
Network Operations
People Resources
Privacy
Proactive Security
Asset Management
Backup Manag...
STEP 2
Scoring Logic Creation
The Complex and Cumbersome process of creating Scoring logic
The assessment's current scoring logic creation process being complex and unintuitive was a major roadblock for users, hindering their ability to effectively utilize our platform.
Specific issues included:
~ Users struggling to understand and implement scoring formulas, leading to decreased platform usage.
~ High support costs due to frequent queries and requests for assistance.
~ Difficulty in scaling the product to meet diverse client needs, due to its initial customization for HDFC, limiting market expansion.
Not much information is given to users about the scoring creatiion UI which might lead to confusion.
Overly Complex and Confusing scoring formula creation UI. Takes multiple steps to completed the scoring logic
An easy and efficient to use Risk level Range to set Risk Levels.
STEP 3
Assigning the Assessment
The unintuitive and Inexact process of assigning the template
Our inefficient assignment process was creating operational bottlenecks and user dissatisfaction.
Specific issues included:
~ Inability to track and manage assignments effectively, leading to missed deadlines and incomplete tasks.
~ Difficulty in editing assigned templates, causing confusion and errors.
~ Lack of an approval matrix, limiting control and oversight for DPOs.
TASK FLOW
Intuitive " Call-to-action" back to navigate the users to the next possible action item.
Capability to add as many assignees to one assessment template as possible.
Flexible and Customizable approval matrix which can possess levels inside levels.
Testing Phase
Test the designs with Potential Users/ Current Customers
I conducted Usability Testing with 6 Internal Team members , 4 Current Customers and presented this version as a Demo for a new client
Results
Impact of the Current Design Project
50%-
Reduction in Time-to Complete a PIA
Took nearly half the time to create assessments and assign
47%+
10+
New Clients Onboarded in the next Month
Areas I would like to explore
Integrating AI to automate filling out assessments
Plugins that can be installed to assess what kind of data there is instead of manually answering them.
Add Collaboration Feature to the Assessment like how I ideated initially.
Key Learnings
Diving into the privacy and security industry was initially overwhelming and daunting due to its complexity and specialized terminology, especially in a B2B context. As someone new to the B2B sector, I found the learning curve steep. However, this experience revealed an unexpected preference, I've come to appreciate B2B work more than B2C. The opportunity to tackle intricate, business-focused UX challenges in B2B has proven both engaging and rewarding, broadening my skill set and professional interests.