Processing Activity Controller Assignment
How is the Processing Activity generally assigned to stakeholders?
We are looking for more information on how the Processing Activity application was developed with respect to the assignment of Data Controllers. There are multiple ways to assign the Data Controllers out of box. You must assign a Business Unit/Division/Company/Third Party or multiple Third Parties. When you select one of these, you then select from the Contacts application the Controller Representative.
However, if there are Multiple Controllers, then the Joint Controller Responsibilities cross-reference appears which is a reference to the Privacy Roles and Responsibilities application. Why aren't both of these references to Privacy Roles and Responsibilities?
Also, if there are multiple Controllers involved in the Processing Activity, but they are not Joint Controllers, how is it recommended to represent this on the Processing Activity record? The client wants to avoid having a very large number of Processing Activities to manage, and they would not like to create separate Processing Activity records for every instance where there are multiple Controllers that are not Joint Controllers.
Any assistance would be appreciated. The client may have more questions for RSA or other organizations who have implemented Data Governance or Privacy Program Management, so it would also be helpful to be put in contact with individuals familiar with how the solution was developed, as the documentation currently does not have this level of detail.
- Community Thread
- Forum Thread
- privacy program management
- processing activities
- RSA Archer
- RSA Archer Suite