Use case: data access rule set up
The same permission rules have been set up for both MetaClasses:
• Processing Activity
• Data Transfer.
The visibility (access rights) of these MetaClasses is customized according to the user profile:
• Data Protection Officer (DPO)
The Data Protection Officer (DPO) works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR. The DPO edits processing activities, carries out pre-assessments as well as DPIAs.
• DPO Correspondent
The DPO Correspondent (Privacy) plays the same role as the DPO but his tasks are restricted to a sub-set of the organization.
• Privacy Team
The Privacy Team is made of operational people who carry out the instructions of the DPO or the Chief Privacy Officer.
The visibility (access rights) of these MetaClasses is managed through three data access rules.
E.g.: the “GDRP - DPO Delegate - Purpose - Reading” data access rule applies to both Data Transfer and Processing Activity MetaClasses for Data Protection Officer (DPO), DPO Correspondent and Privacy Team profiles.
Principle of a permission rule setup on Data Transfer and Processing Activity MetaClasses:
1. Creation of the macros that manage the rules:
• GDPR - Activity Owner PrAct - Readig.Implementation
• GDPR - Purposes -App Owner - ReadingImplementation
• GDPR - DPO Deputy - Processing Reading.Impl
2. Creation of the data access rules associated with each macro:
• Data Access Type: "Reading"
• Profiles associated with the rule: Data Protection Officer (DPO), DPO Correspondent, Privacy Team.
3. Connecting the data access rules with the Data Transfer and Processing Activity MetaClasses.
E.g.: in the Data Transfer MetaClass properties, Data Access tab, all of the three rules are connected to the MetaClass.
