Using Privacy Program Management
The Privacy Program Management use case supports the following processes.
On this page
Privacy Program Management Processes
The following diagram shows the major phases, key tasks, and users responsible for each task.
Verifying Your Data Inventory
The Data Governance use case (the prerequisite to this use case) enables you to inventory all of your information assets and processing activities. The Privacy Program Management use case contains an additional tool—the Data Identification Assessment—that helps you to verify that you have identified all of your organization's personal and sensitive user data.
Assessing Processing Activity Risk
After you have inventoried all of your information assets and processing activities, the Privacy Program Management use case enables to you perform a risk assessment on all of your processing activities to determine where you have privacy risk exposure.
Here are the tasks to assess processing activity risk:
-
Perform privacy impact assessment.
-
Review privacy impact assessment.
Assessing High-Risk Processing Activities
Once you have assessed the privacy risk of your organization's processing activities, the Privacy Program Management use case enables you to do further assessment on those processing activities that were determined to be high-risk.
Here are the tasks to assess high-risk processing activities:
-
Identify high-risk processing activities subject to a DPIA.
-
Create data protection projects.
-
Determine whether to perform a DPIA.
-
Perform DPIAs.
-
Review DPIAs.
-
Identify risk treatment plans.
-
Consult with Supervisory Authority.
