User Roles in ProvePrivacy
General System Access
When a User is added to ProvePrivacy, by default they have no privileges and cannot access any of the available modules. To access a module, a User must either be assigned a role by the Company Administrator (see individual roles below) or be assigned a task by another User. Tasks include:
- Assignment of an Action
- Assignment of a Risk (allows access to the Risk module)
- Assignment of a Breach investigation (allows access to the Breach module)
- Assignment of a Data Subject Rights investigation (allows access to the Data Subject Rights module)
- Assignment of an Organisational Control (allows access to the Technical & Organisational Measures module)
Company Administrator
A company administrator is provided with the privileges to achieve the following:
- Create a new Department
- Create a new User
- Assign a role to a User
- Assign a User to a Working Department
By assigning a User to a Working Department it is possible to group Users into Departments, which in turn makes assigning Policies and E-Learning courses easier.
Records of Processing Activities
The following roles are applicable to the Record of Processing Activities module:
Data Protection Officer
- Full access to all Activities within the ROPA
- Contact for high risk notifications via the ProvePrivacy email notification
ROPA Manager
- Full access to all Activities within the ROPA
- Assignment of a User to the Department Manager role
- Assignment of a User to the Data Champion role
- Contact for high risk notifications via the ProvePrivacy email notification
Department Manager
- Full access to Activities contained within their assigned Department
- Assignment of a User to the Data Champion role
Data Champion
- Full access to Activities contained within their assigned Department
A User may be assigned as Department Manager or Data Champion to multiple Departments if required.
By establishing a number of Data Champions it is possible for a ROPA Manager to delegate responsibility for maintaining the ROPA to key data owners within the organisation, thereby improving information quality.
Breach Management
The following roles are applicable to the Breach Management module:
Data Protection Officer
- Contact for Breach notifications via the ProvePrivacy email notification
Breach Manager
- Full access to all Breaches
- Initial contact for reported Breaches via the ProvePrivacy email notification
- Contact for assigned Breach expiry notifications via the ProvePrivacy email notification
- Assignment of a Breach to a Breach Investigator
Breach Investigator
- Access to assigned Breaches
- Contact for assigned Breach expiry notifications via the ProvePrivacy email notification
Note: the role of Breach Investigator cannot be assigned by the System Administrator and can only be assigned as part of the breach management procedure by changing the Investigator in the recorded incident screen.
Data Subject Rights Management
The following roles are applicable to the Data Subject Rights Management module:
Data Subject Rights Manager
- Full access to all Data Subject Rights incidents
- Initial contact for reported Data Subject Rights incidents via the ProvePrivacy email notification
- Contact for assigned Data Subject Rights expiry notifications via the ProvePrivacy email notification
- Assignment of a Data Subject Rights incident to a Data Subject Rights Investigator
Data Subject Rights Investigator
- Access to assigned Data Subject Rights incidents
- Contact for assigned Data Subject Rights expiry notifications via the ProvePrivacy email notification
Note: the role of Data Subject Rights Investigator cannot be assigned by the System Administrator and can only be assigned as part of the data subject rights management procedure by changing the Investigator in the recorded incident screen.
Policy Management
The following roles are applicable to the Policy Management module:
Document Super User
- Creation of a new document
- Assignment of a document to a Document Owner
Document Owner
- Assigning their Owned Documents to Users for reading
- Reviewing their Owned Documents at the specified review date
- Contact for their Owned Documents expiry notifications via the ProvePrivacy email notification
Document Reviewer
- Reviewing Documents at the request of a Document Owner
- Contact for Document review notifications via the ProvePrivacy email notification
Note: the roles of Document Owner and Document Reviewer cannot be assigned by the System Administrator. Document Owner can only be assigned by the Document Super User when uploading the initial document. Document Reviewer is only assigned by the Document Owner as part of the optional document review process.
Risk Management
The following roles are applicable to the Risk Management module:
Risk Manager
- Full access to all Risks
- Initial contact for reported Risks via the ProvePrivacy email notification
- Assignment of a Risk to a Risk Owner
Risk Owner
- Access to assigned Risks
Note: the role of Risk Owner cannot be assigned by the System Administrator and can only be assigned as part of the Risk management procedure by changing the Risk Owner in the recorded incident screen.
Technical & Organisational Controls
The following roles are applicable to the Technical and Organisational Controls module:
Controls Manager
- Creation of a new version of Objectives and Controls
- Assignment of a Control Owner to an individual control
Control Owner
- Management of an individual control
Note: the role of Control Owner cannot be assigned by the System Administrator and can only be assigned as part of the Objectives and Controls management procedure by changing the Control Owner in the control details screen.
E-Learning
The following roles are applicable to the Knowledgezone module:
E-Learning Manager
- Assignment of an e-learning course to a User
- Assignment of an e-learning course to an annual schedule
- Access to e-learning reports