IVI Framework Viewer

Enforcement of Roles, Responsibilities, and Accountabilities

B3

Allocate responsibility and accountability for personal data protection to named individuals, and manage their performance.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Enforcement of Roles, Responsibilities, and Accountabilities at each level of maturity.

1 Initial
  • Practice
    Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
    Outcome
    Any roles, responsibilities and accountabilities are defined ad hoc.
2 Basic
  • Practice
    Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
    Outcomes
    • Some roles, responsibilities and accountabilities are defined.
    • Training and competence levels are identified.
    Metrics
    • # Count of regulatory and legislative instruments considered relevant.
    • % of identified regulatory or legislative instruments addressed in policies and controls.
3 Intermediate
  • Practice
    Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
    Outcome
    Roles, responsibilities and accountabilities are defined and implemented in most business units.
    Metrics
    • % Roles assigned to staff.
    • % assigned staff that have received role-specific training or were exempted from role-specific training.
4 Advanced
  • Practice
    Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
    Outcome
    Roles, responsibilities and accountability are defined consistently organization-wide.
    Metrics
    • % Roles assigned to staff.
    • % assigned staff that have received advanced data protection training or were exempted from advanced training.
5 Optimized
  • Practice
    Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
    Outcome
    Roles, responsibilities and accountability are defined and include the business ecosystem.
    Metric
    % business units or functions with defined data protection roles, responsibilities and accountabilities.