Roles installed with Privacy Management

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles installed with Privacy Management

    The GRC: Privacy Management application in ServiceNow provides a set of predefined roles designed to support the privacy compliance lifecycle within an organization. These roles enable users to manage privacy activities, assessments, policies, and related compliance tasks effectively. Assigning the appropriate roles helps ensure that privacy responsibilities are clearly delineated and executed according to organizational and regulatory requirements.

    Show full answer Show less

    Key Roles and Their Responsibilities

    • Privacy Analyst (snprivacy.analyst): Manages privacy compliance for assigned processing activities by conducting privacy impact assessments, collaborating with business users to manage controls, resolving compliance concerns, and testing control effectiveness.
    • Privacy Manager (snprivacy.manager): Oversees organization-wide privacy compliance, develops privacy regulations and policies, monitors control effectiveness, plans privacy programs, supervises the privacy team, and reports compliance posture to management and the board.
    • Privacy Admin (snprivacy.admin): Configures privacy management solutions, including setting up privacy impact assessments, automating processing activity creation from assessments, monitoring AI platform dependencies, and managing script configurations.
    • Privacy Assessment Responder (snprivacy.assessmentresponder): Acts as a key stakeholder who responds to privacy assessments and can raise privacy requests through the portal.
    • Privacy Business User (snprivacy.businessuser): Edits assigned processing activities in the Discover state and responds to privacy assessments.
    • Privacy Developer (snprivacy.developer): Authorized to write custom scripts to extend or customize privacy management capabilities.

    Additional Roles for Specific Applications

    • Privacy Employee User (snprivacyemp.privacyemployee): Available when the Privacy Employee User application is installed. Enables employees to request privacy impact assessments, report privacy cases, acknowledge policies, create exceptions, and log privacy issues from the Employee Center.
    • Lite Operator Roles: When the GRC: Privacy Lite User application is installed, roles such as assessment responder, privacy case business user, and privacy business user allow users to respond to assessments, manage processing activities, handle breach assessments, respond to control attestations, and manage privacy case tasks at a lighter operational level.

    Practical Benefits for ServiceNow Customers

    • Streamlines privacy compliance by clearly defining roles and responsibilities aligned with privacy governance needs.
    • Enables efficient management of privacy impact assessments, controls, and regulatory requirements across different organizational levels.
    • Supports customization and automation of privacy processes through configuration roles and developer access.
    • Facilitates employee participation in privacy workflows through dedicated roles integrated with the Employee Center.
    • Provides flexible role assignments tailored to full privacy management or lite operational needs depending on installed applications.

    The GRC: Privacy Management application installs the roles for the privacy analyst, the privacy manager, and the privacy administrator to perform their respective tasks.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    Privacy Analyst

    [sn_privacy.analyst]

    		 Privacy analysts are responsible for managing the privacy compliance posture of the processing activities owned by them.​ They perform the following tasks:
    • Assess the processing activities regularly by sending and reviewing privacy impact assessments​.
    • Work with the management and business users to identify and manage controls related to a processing activity​.
    • Manage and resolve the concerns of business users about compliance-related issues and policy exceptions​.
    • Test and monitor control effectiveness​.
    • sn_grc_workspace.task_reader
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.ara_assessor
    • sn_risk.user
    • sn_compliance.user
    • sn_privacy_case.privacy_case_analyst
    Privacy Manager

    [sn_privacy.manager]

    		 Privacy managers are responsible for managing the overall organization level privacy compliance posture.​ They perform the following tasks:
    • Develop and implement privacy regulations, authority documents,​ and policies.
    • Review privacy regulatory requirements and policies​.
    • Design and monitor controls to deal with violations of privacy regulations and internal policies.​
    • Plan privacy programs and scope entities.
    • Creating privacy impact assessment templates.​
    • Continuously monitor control effectiveness and recommend effective improvements.
    • ​ Supervise the privacy compliance team.​
    • Report to management and the Board of Directors on compliance posture​.
    • Discover who is implementing privacy regulation for the first time in their organization.
    • sn_compliance.manager
    • sn_privacy.analyst
    • sn_risk.manager
    • sn_grc_workspace.task_admin
    • sn_compliance.attestation_creator
    • sn_grc_reg_change.manager
    • sn_privacy_case.privacy_case_manager
    Privacy Admin

    [sn_privacy.admin]

    		 Privacy administrators administer the privacy policy and compliance management. ​ Users assigned this role are responsible for configuring privacy management solutions as per the privacy team's requirements.​ They perform the following tasks:
    • Configure privacy impact assessments and automated flows to trigger assessments​
    • Configure rules to auto-create processing activities ​out of privacy screening assessments.
    • Monitor the ServiceNow AI Platform dependencies with other applications and modules.
    • Can read the scripts under Processing activity script configurations related list.
    • sn_privacy.manager
    • sn_risk_advanced.ara_admin
    • sn_compliance.admin
    • sn_privacy_case.privacy_case_admin
    Privacy assessment responder

    [sn_privacy.assessment_responder]

    		 Privacy assessment responders can respond to the privacy assessments as key stakeholders. They can also raise privacy requests from the portal.
    • sn_grc_workspace.task_reader
    • canvas_user
    Privacy business user

    [sn_privacy.business_user]

    		 Privacy business users can edit the assigned processing activities in the Discover state, and also respond to the assessments.
    • sn_grc_workspace.task_reader
    • canvas_user
    • sn_privacy_case.privacy_case_business_user
    • sn_grc.business_user
    Privacy developer

    [sn_privacy.developer]

    		 Privacy developers can write custom scripts sn_privacy.admin
    If the Privacy Employee User application is installed, then the following roles are available.
    Privacy employee user

    [sn_privacy_emp.privacy_employee]

    		 Enables your employees to perform the following operations from the Employee Center:
    • Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
    • Report privacy cases related to data privacy policy and regulatory violations.
    • Read and acknowledge organizational privacy policies
    • Create policy exceptions.
    • Create privacy issues.
    • sn_grc.issue_employee_user
    • sn_compliance.policy_ack_employee_user
    • sn_compliance.policy_exception_employee_user
    If the GRC: Privacy Lite User application is installed, then the following roles are considered as lite operators.
    • sn_privacy.assessment_responder
    • sn_privacy_case.privacy_case_business_user
    • sn_privacy.business_user
    • sn_grc_pdr.data_owner_admin

    Users with the lite operator role can do the following:

    • Respond to privacy assessment tasks as business users.
    • Work on the processing activity as a business user when it’s assigned to you to collect the required details.
    • Respond to the processing activity's criticality risk assessments and object-based assessment.
    • Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
    • Work on breach assessments and other privacy case tasks.
    • Respond to the assessment and investigation tasks assigned by the privacy team.
    • Work on personal data rights action tasks to handle data according to the requester's requests.
    • Respond to the assigned control attestations.
    • View, update, and close assigned issues.
    • Create, update, and close assigned remediation tasks.
    • Respond to the assigned manual indicator tasks.