Managing User Roles

Home » Noindex Resources » Managing User Roles

Managing User Roles

July 10, 2024
| Mark Roebuck

ProvePrivacy is designed to ensure that users only have access to the information which is required for thier role. To achieve this there are a number of different roles established within the system which only a Company Administrator can assign. A user who has not been assigned any role is referred to as a Standard User and access is limited to:

Raising a ‘Colleague Raised’ Risk via the Incident menu.
Recording a Data Breach via the Incident Menu.
Recording a Data Subjects Request via the Incident Menu
Recording an Information Request (non data subject) via the Incident Menu
Accessing the Tutorials in the Knowledgezone

A Standard User will automatically be granted access to any other module if an authorised user assigns an action to them, however access will be limited to the incidents with the actions raised.

All other modules are strictly restricted based upon the application of the User Roles detailed below:

Record of Processing Activities

ROPA Manager can create and edit an activity for any department across the organisation.
The ROPA Manager can add or remove Department Managers or Data Champions to assist with documenting the ROPA for any department across the system.
When assigning a Department Manager or a Data Champion they must be assigned to a specific Department.
Department Managers can create or edit an activity for their own department only.
The Department Manager can add or remove Data Champions to assist with documenting the ROPA for their own department.
Data Champions can create or edit an activity for their own department only.
A ROPA Manager will have access to the RoPA Dashboard in the Management Information module.

It should be noted that an individual can be allocated a Department Manager role or a Data Champion role for multiple departments.

Data Breach Module

The Data Protection Officer and Breach Manager are the initial recipient of all Data Breach Incidents
The Data Protection Officer and Breach Manager will have full access to all Data Breach Incidents
The Data Protection Officer and Breach Manager can allocate any user as a Data Breach Investigator (via the Breach screen), which they will effect on each individual breach.
A Data Breach Investigator can only access the Data Breach Incidents which they have been assigned to investigate.
The role of Data Breach Investigator is not a role which can be allocated by the Company Administrator – it is added dynamically by the ProvePrivacy system.
A Breach Manager will have access to the Data Breach Dashboard in the Management Information module.

Data Subject Rights Module

The Data Subject Rights Manager is the initial recipient of all Data Subject Rights Incidents
The Data Subject Rights Manager will have full access to all Data Subject Rights Incidents
The Data Subject Rights Manager can allocate any user as a Data Subject Rights Investigator (via the Data Subjects Rights screen), which they will effect on each individual incident.
A Data Subject Rights Investigator can only access the Data Subject Rights Incidents which they have been assigned to investigate.
The role of Data Subject Rights Investigator is not a role which can be allocated by the Company Administrator – it is added dynamically by the ProvePrivacy system.
A Data Subject Rights Manager will have access to the Data Subject Rights Dashboard in the Management Information module.

Information Request Module

The FOI Manager is the initial recipient of all Information Request Incidents
The FOI Manager will have full access to all Information Request Incidents
The FOI Manager can allocate any user as a Request Investigator (via the Information Request screen), which they will effect on each individual incident.
A Request Investigator can only access the Information Request Incidents which they have been assigned to investigate.
The role of Request Investigator is not a role which can be allocated by the Company Administrator – it is added dynamically by the ProvePrivacy system.
A FOI Manager will have access to the Information Request Dashboard in the Management Information module.

Policy & Procedures Module

The Document Super User is the only role which can add a new document to the system, this ensures that document uploads can be controlled.
The Document Super User will allocate a document to a Document Owner when the document is added.
The Document Owner can review their own documents and issue their own documents to other users to ‘read and understand’.
The role of Document Owner is not a role which can be allocated by the Company Administrator – it is added by the Document Super User.
A Document Super User will have access to the Policy Dashboard in the Management Information module.

Technical & Organisational Measures Module

The Controls Manager is the only role which can add a new set of Objectives and Controls to the system, this ensures that Objectives can be controlled.
The Controls Manager may allocate individual controls to another user who will become a Control Owner.
The Control Owner can review their own controls only.
The role of Controls Owner is not a role which can be allocated by the Company Administrator – it is added dynamically by the ProvePrivacy system.
A Controls Manager will have access to the Controls Dashboard in the Management Information module.

E-Learning Module

The E-Learning Manager is the only role which can allocate E-Learning training to users.
An E-Learning Manager will have access to the E-Learning Dashboard in the Management Information module.

Management Information Module

The MI Manager is a role which allows access to all Dashboards
An MI User will only have access to the Dashboards which they are assigned to.

It should be noted that an MI User can be assigned multiple Dashboards.