Enforcement of Roles, Responsibilities, and Accountabilities
Allocate responsibility and accountability for personal data protection to named individuals, and manage their performance.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Enforcement of Roles, Responsibilities, and Accountabilities at each level of maturity.
- 1 Initial
- Practice
- Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
- Outcome
- Any roles, responsibilities and accountabilities are defined ad hoc.
- 2 Basic
- Practice
- Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
- Outcomes
- Some roles, responsibilities and accountabilities are defined.
- Training and competence levels are identified.
- Metrics
- # Count of regulatory and legislative instruments considered relevant.
- % of identified regulatory or legislative instruments addressed in policies and controls.
- 3 Intermediate
- Practice
- Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
- Outcome
- Roles, responsibilities and accountabilities are defined and implemented in most business units.
- Metrics
- % Roles assigned to staff.
- % assigned staff that have received role-specific training or were exempted from role-specific training.
- 4 Advanced
- Practice
- Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
- Outcome
- Roles, responsibilities and accountability defined consistently organization-wide.
- Metrics
- % Roles assigned to staff.
- % assigned staff that have received advanced data protection training or were exempted from advanced training.
- 5 Optimized
- Practice
- Identify, agree and assign roles including allocation and enforcement of data protection responsibilities.
- Outcome
- Roles, responsibilities and accountability defined and include the business ecosystem.
- Metric
- % business units or functions with defined data protection roles, responsibilities and accountabilities.