IVI Framework Viewer

Roles, Responsibilities, and Accountabilities

B2

Complete job and business process designs to identify the required roles for personal data protection tasks, and assign employees with the requisite knowledge and experience to the identified roles. Define and allocate the associated personal data protection responsibilities and accountabilities.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Roles, Responsibilities, and Accountabilities at each level of maturity.

2Basic
  • Practice
    Define basic personal data protection roles and start to assign responsibilities and accountabilities.
    Outcome
    There is an emerging understanding of personal data protection, and some ability to set targets and measure progress against them.
    Metrics
    • # of roles defined.
    • % of employees with allocated responsibilities and accountabilities.
3Intermediate
  • Practice
    Formalize and document the organization's personal data protection roles and assign responsibilities and accountabilities to a group of competent individuals.
    Outcomes
    • There is increased clarity on where responsibility and accountability lie.
    • Goals and targets can be set against which the data protection performance of individuals and business units can be monitored.
    Metrics
    • # of roles defined.
    • % of employees with allocated responsibilities and accountabilities.
4Advanced
  • Practice
    Assign responsibilities and accountabilities to dedicated individuals across the entire organization.
    Outcomes
    • Organization-wide clarity on responsibilities and accountabilities ensures that personal data is protected consistently and effectively across the organization.
    • Instances of non-compliance with responsibilities can be addressed in line with their severity.
    Metrics
    • # of roles defined.
    • % of employees with allocated responsibilities and accountabilities.
5Optimized
  • Practice
    Continually review and refine personal data protection roles as appropriate, and determine the requisite responsibilities and accountabilities that key business ecosystem partners need to fulfil.
    Outcome
    Dynamically adjusting roles, responsibilities, and accountabilities enable personal data to be protected consistently and effectively across the business ecosystem.
    Metrics
    • Frequency of review of personal data protection roles.
    • % of employees with allocated responsibilities and accountabilities.
    • % of business ecosystem partners with allocated responsibilities and accountabilities.