.png?height=120&name=logo-dld-blanc-transparent-baseless(1).png){kind=logo}
Client Administration : this article describes the 6 preset roles that are delivered with the GDPR software, and lists their default permissions.
For a detailed explanation of roles and permissions, see Setting up users and roles.
Table of contents
Functional description
|
ROLE |
FUNCTIONAL DESCRIPTION |
|
Administrator |
The Administrator is the person in charge of managing the content in the software. They complete the various fields and enter the information required for GDPR governance for the entities they are in charge of. For example, they complete the information in the directory and can validate certain processing activities. They ensure that the processing record is correct and complete, monitor management activities, and can initiate actions. They are also in charge of division administration. Typically, the Data Protection Officer (DPO) is the Administrator. However, not all Administrators are DPOs. To find out more, read About the DPO below. |
|
Entity contact |
If an entity belongs to a parent company (or holding, etc.), the Entity contact is in charge of GDPR compliance in the daughter entity. They apply the directives laid down by the parent company concerning both processing handled at parent company level, and processing specific to their daughter entity – unless they are empowered to make certain decisions. The Entity contact ensures that parent company directives and their own directives are applied by the collaborators of the entity. They are under the supervision of the parent company DPO and/or the entity DPO. If the entity in question does not have its own DPO, then the Entity contact is the contact for the parent company DPO. |
|
Substitute contact |
The Substitute contact has a role similar to that of the Entity contact, but with fewer permissions. They perform certain tasks at the latter’s request or if they are unavailable. |
|
Division head |
The Division head is the person responsible for the division or department where the personal data processing in question is performed. They are under the responsibility of their employer and are supervised by the DPO, who is in charge of GDPR compliance with regard to this processing. They give instructions to the employees in their division to ensure compliance. They have a global view of the personal data processing performed in their division. For example, for HR processing, the Division head will be the Head of Human Resources; for IT processing, they will be the Head of IT. |
|
Person in charge of processing |
The Person in charge of processing has knowledge of the characteristics of the data processing in question, i.e. its purpose, the types of data processed, the data recipients, etc. They can be a project manager or operational staff. Under the instructions of their Division, and under the supervision of the DPO, they help to ensure compliance of their organization by reporting the data processing information in their possession. In their field of expertise, they help build the processing record. |
|
User |
The User role has mostly read-only rights. This role is typically suited for a CEO of an entity, who only requires a global view of the state of progress of the entity’s GDPR compliance. |
About the DPO
Data Protection Officer (DPO) is not a preset role. Depending on how the entity is organized, the DPO will often have the Administrator role, but this will not always be the case. And some entities may not have a DPO at all.
So what is a DPO? The DPO is the person in charge of ensuring GDPR compliance in the entity. They can be an employee or externally appointed. They are not empowered to make decisions regarding the implementation of personal data processing. Rather, they give an opinion concerning the state of the entity’s GDPR compliance. Their mission is to inform and advise the entity with regard to its obligations, monitor the entity’s compliance in terms of role distribution and personnel awareness, and offer advice on the entity’s impact assessments (PIA). In parallel, the DPO cooperates with the official national regulatory authority and is the contact person for this authority and for the persons whose data is processed.
The DPO must always be included in all matters relative to personal data protection. They report directly to the entity’s highest level of management. The DPO is independent, shall not be given instructions on how they are to perform their mission, and cannot be penalized for such performance. The DPO can be an employee of the entity’s legal division, compliance division, IT division, HR, etc. In this case, the entity must ensure that the duties of the person appointed as DPO do not create a conflict of interest with their DPO duties. If the entity belongs to a parent entity, the DPO can be the parent entity’s DPO, or the DPO of another entity belonging to the same parent entity.
To find out more about DPOs, in the sidebar of the GDPR software, see Directory → DPO. And for complete information on DPOs, see https://edps.europa.eu
The following table shows the default permissions that come with the 6 preset roles.
To change these permissions, see Setting up users and roles.
|
|
Admini-strator |
Entity contact |
Substitute contact |
Division head |
Person in charge of processing |
User |
|
Directory Global entity settings. |
||||||
|
Access to Directory menu |
X |
X |
X |
X |
X |
X |
|
Access to DPO page |
X |
X |
X |
X |
X |
X |
|
Directory: Entity Entity information. Access to Directory menu (in Directory) must be enabled. |
||||||
|
Access to Entity page |
X |
X |
X |
X |
X |
X |
|
Update entity |
X |
|
|
|
|
|
|
Add activity |
X |
X |
|
|
|
|
|
Edit activity |
X |
X |
|
|
|
|
|
Delete activity |
X |
|
|
|
|
|
|
Directory: User settings Entity user settings. Access to Directory menu (in Directory) must be enabled. |
||||||
|
Access to User Settings |
X |
X |
X |
X |
X |
X |
|
Update user |
X |
X |
|
|
|
|
|
Manage permissions |
X |
|
|
|
|
|
|
Directory: Divisions Division settings. Processing activities linked to a division can only be seen by division members. Access to Directory menu (in Directory) must be enabled. |
||||||
|
Access to Divisions page |
X |
X |
X |
X |
X |
X |
|
Create division |
X |
X |
|
|
|
|
|
Delete division |
X |
|
|
|
|
|
|
Update division |
X |
X |
|
|
|
|
|
Link division to entity |
X |
X |
X |
|
|
|
|
Unlink division from entity |
X |
|
|
|
|
|
|
Link user to division |
X |
X |
|
|
|
|
|
Unlink user from division |
X |
X |
|
|
|
|
|
Link processing to division |
X |
X |
X |
|
|
|
|
Unlink processing from division |
X |
X |
X |
|
|
|
|
Repository management Grants read/write access to the repositories. Users without these permissions have read-only access. |
||||||
|
Manage sites |
X |
|
|
|
|
|
|
Manage third parties |
X |
|
|
|
|
|
|
Manage software |
X |
|
|
|
|
|
|
Manage contacts and departments |
X |
|
|
|
|
|
|
Manage areas |
X |
|
|
|
|
|
|
Management of team activities: tasks, analytics, projects, etc. |
||||||
|
Access to Actions page |
X |
X |
X |
X |
X |
X |
|
Access to Management menu |
X |
X |
X |
X |
X |
X |
|
Create action |
X |
X |
X |
X |
X |
|
|
Download tasks |
X |
|
|
|
|
|
|
Access to Analytics page |
X |
X |
X |
X |
X |
X |
|
Access to Privacy by design page |
X |
X |
X |
X |
X |
X |
|
Manage project form |
X |
X |
X |
X |
|
|
|
Access to Training page |
X |
X |
X |
X |
X |
X |
|
Access to Contracts page |
X |
X |
X |
X |
X |
X |
|
Update action information |
X |
X |
|
|
|
|
|
Delete an action |
X |
|
|
|
|
|
|
Processing & Record |
||||||
|
Access to Processing page |
X |
X |
X |
X |
X |
X |
|
Access to Record page |
X |
X |
X |
X |
X |
X |
|
Download Record |
X |
|
|
|
|
|
|
View all processing in all divisions |
X |
X |
X |
|
|
|
|
Add processing |
X |
X |
X |
|
|
|
|
Delete processing |
X |
|
|
|
|
|
|
Update processing |
X |
X |
X |
X |
X |
|
|
Activate processing |
X |
X |
X |
|
|
|
|
Deactivate processing |
X |
X |
X |
|
|
|
|
Transfer processing |
X |
X |
X |
X |
X |
|
|
Download processing |
X |
X |
X |
X |
|
|
|
Clone processing |
X |
|
|
|
|
|
|
Validate processing |
X |
X |
X |
|
|
|
|
Diagnosis |
||||||
|
Access to Diagnosis page |
X |
X |
X |
X |
X |
X |
|
Impact Assessment (PIA) |
||||||
|
Access to PIA page |
X |
X |
X |
X |
X |
X |
|
Create PIA |
X |
|
|
|
|
|
| Clone PIA |
|
|
|
|
|
|
|
Update PIA |
X |
|
|
|
|
|
|
Write PIA |
X |
|
|
|
|
|
|
Read PIA |
X |
|
|
|
|
|
|
Validate PIA |
X |
|
|
|
|
|
|
Evaluate PIA |
X |
|
|
|
|
|
|
Delete PIA |
X |
|
|
|
|
|
|
Document database Document permissions management. The permission for controlling document sharing only applies if you have created an entity tree with the Data Legal Drive administrators. |
||||||
|
Access to Document database |
X |
X |
X |
X |
X |
X |
|
Change sharing status of a document |
|
|
|
|
|
|
|
Delete documents |
X |
X |
|
|
|
|
|
Audits and controls |
||||||
|
Access to Audits and Controls page |
X |
X |
X |
X |
X |
X |
|
Requests from data subjects |
||||||
|
Access to Requests from data subjects page |
X |
X |
X |
X |
X |
X |
|
Request module settings |
X |
|
|
|
|
|
|
Manage requests |
|
|
|
|
|
|
|
Personal data breach |
||||||
|
Access to Data Breach page |
X |
X |
X |
X |
X |
X |
|
Legal resources |
||||||
|
Access to Resources menu |
X |
X |
X |
X |
X |
X |
|
Access to Smart actions menu |
X |
X |
X |
X |
X |
X |
|
Access Sanctions map |
X |
X |
X |
X |
X |
X |
|
Access Code Dalloz |
X |
X |
X |
X |
X |
X |
|
Access to News menu |
X |
X |
X |
X |
X |
X |
| Forms | ||||||
|
Access to Forms page |
X |
|
|
|
|
|
|
Access to Campaigns page |
X |
X |
X |
X |
X |
|