Some of the organizational changes are substantial. Having an independent privacy force review all existing and new product features for privacy implications can be a huge drain on velocity, especially if they demand a lot of changes.
But really, this is how organizations should be run: there should be a user-privacy-focused resource inside the company that can work with product to guide how features get implemented. (The same goes for accessibility, technical feasibility, and other things that product people aren't necessarily measured against.)
But really, this is how organizations should be run: there should be a user-privacy-focused resource inside the company that can work with product to guide how features get implemented. (The same goes for accessibility, technical feasibility, and other things that product people aren't necessarily measured against.)