The following table provides an overview of the resource role and tasks required for each of the main privacy-related workflows. The resource roles are mapped to the required tasks for each workflow, in Collibra Platform.
Tip Keep in mind that some personas, for example Preston Sterling, our Privacy Officer, is assigned the Business Steward role for certain resources and workflows, in addition to his more intuitive assignment to the Privacy Steward role, for other resources and workflows.
Business Process workflow
| Persona | Resource role |
Task |
|---|---|---|
|
|
Business User |
Describes:
|
|
|
Business Steward |
Aligns with the Business User to ensure the business process is accurately described and conforms to the data model. |
|
|
Data Steward |
Finds a data set that corresponds to the description provided by the Business User and the Business Steward, and maps it to the business process. If the data set does not exist, he onboards a new data set. |
|
|
Privacy Steward |
Validates or completes the legal meta-data, such as the purpose and legal basis for processing the data, and the cross-border indicator. |
|
|
Owner |
Accepts ownership and approves the business process. |
|
|
Stakeholder |
Optionally provides feedback during the onboarding of the business process. |
Data Set workflow
| Persona | Resource role |
Task |
|---|---|---|
|
|
Business Steward |
|
|
|
Owner | Accepts ownership and approves the data set. |
|
|
Stakeholder | Optionally provides feedback during the onboarding of the data set. |
Technology Asset workflow
| Persona | Resource role |
Task |
|---|---|---|
|
|
Business Steward |
|
|
|
Owner | Accepts ownership and approves the technology asset. |
| TBD | Stakeholder | Optionally provides feedback during the onboarding of the asset. |
Data Sharing Agreement workflow
| Persona | Resource role |
Task |
|---|---|---|
|
or |
Business Steward |
|
|
|
Owner |
Accepts ownership and approves the data sharing agreement. |
Assessment (DPIA/PIA, LIA and CSA) workflows
| Persona | Resource role |
Task |
|---|---|---|
|
|
Business Steward | Completes the assessment. |
|
|
Privacy Steward | Provides feedback during the onboarding of the assessment. |
|
|
DPO | Optionally provides feedback during the onboarding of the assessment. |
|
|
Owner | Accepts ownership and approves the assessment. |
|
|
Stakeholder | Optionally provides feedback during the onboarding of the assessment. |
Risk workflow
| Persona | Resource role |
Task |
|---|---|---|
|
or TBD |
Privacy Steward (Preston Sterling or other, depending on the type of risk.) |
|
|
or
|
Owner (DPO or CISO, depending on the type of risk) |
Accept ownership of and approve the risks. |
|
|
Stakeholder | Optionally provides feedback during the onboarding of the risks. |
Remediation Plan and Remediation Action workflow
| Persona | Resource role |
Task |
|---|---|---|
|
or TBD |
Business Steward (Preston Sterling or other, depending on the type of risk being addressed.) |
Onboard remediation plans and actions to address outstanding privacy and security risks. |
|
|
DPO | Optionally provides feedback during the onboarding of the remediation plans and actions. |
|
or
|
Owner (DPO or CISO, depending on the type of risk being addressed.) |
Accepts ownership and approves the remediation plans and actions. |
|
|
Stakeholder | Optionally provides feedback during the onboarding of the remediation plans and actions. |
Security Breach Managment Workflow
| Persona | Resource role |
Task |
|---|---|---|
|
|
Any user | Logs a potential data breach. |
|
|
Community Manager | Assigns investigation manager. |
|
|
Investigation Manager |
Analyzes impact of the data breach. |
|
|
DPO | Reviews analysis of the data breach and reports, when necessary. |