Roles installed with Privacy Management

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles Installed with Privacy Management

    The GRC: Privacy Management application equips users with various roles essential for managing privacy compliance within an organization. Each role has specific responsibilities that contribute to maintaining the organization's privacy standards and regulatory compliance.

    Show full answer Show less

    Key Features

    • Privacy Analyst (snprivacy.analyst): Focuses on managing privacy compliance for their processing activities. Key tasks include conducting privacy impact assessments, managing compliance concerns, and testing control effectiveness.
    • Privacy Manager (snprivacy.manager): Oversees the organization's privacy compliance posture. Responsibilities include developing privacy regulations, monitoring compliance, and reporting to management.
    • Privacy Administrator (snprivacy.admin): Configures privacy management solutions to meet team requirements, including setting up automated privacy assessments and monitoring dependencies.
    • Privacy Assessment Responder (snprivacy.assessmentresponder): Engages in responding to privacy assessments and raising privacy requests from the portal.
    • Privacy Business User (snprivacy.businessuser): Can edit assigned processing activities and respond to assessments during the Discover state.
    • Privacy Developer (snprivacy.developer): Responsible for writing custom scripts related to privacy management.
    • Privacy Employee User (snprivacyemp.privacyemployee): Allows employees to request privacy impact assessments and report policy violations from the Employee Center if the Privacy Employee User application is installed.
    • Lite Operators: If the GRC: Privacy Lite User application is installed, users can respond to privacy assessment tasks, work on processing activities, handle breach assessments, and manage assigned tasks.

    Key Outcomes

    By utilizing these roles, organizations can effectively manage their privacy compliance efforts, ensure adherence to regulations, and streamline privacy-related tasks. This structured role assignment enhances collaboration among team members and supports a proactive approach to privacy management.

    The GRC: Privacy Management application installs the roles for the privacy analyst, the privacy manager, and the privacy administrator to perform their respective tasks.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    Privacy Analyst

    [sn_privacy.analyst]

    		 Privacy analysts are responsible for managing the privacy compliance posture of the processing activities owned by them.​ They perform the following tasks:
    • Assess the processing activities regularly by sending and reviewing privacy impact assessments​.
    • Work with the management and business users to identify and manage controls related to a processing activity​.
    • Manage and resolve the concerns of business users about compliance-related issues and policy exceptions​.
    • Test and monitor control effectiveness​.
    • sn_grc_workspace.task_reader
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.ara_assessor
    • sn_risk.user
    • sn_compliance.user
    • sn_privacy_case.privacy_case_analyst
    Privacy Manager

    [sn_privacy.manager]

    		 Privacy managers are responsible for managing the overall organization level privacy compliance posture.​ They perform the following tasks:
    • Develop and implement privacy regulations, authority documents,​ and policies.
    • Review privacy regulatory requirements and policies​.
    • Design and monitor controls to deal with violations of privacy regulations and internal policies.​
    • Plan privacy programs and scope entities.
    • Creating privacy impact assessment templates.​
    • Continuously monitor control effectiveness and recommend effective improvements.
    • ​ Supervise the privacy compliance team.​
    • Report to management and the Board of Directors on compliance posture​.
    • Discover who is implementing privacy regulation for the first time in their organization.
    • sn_compliance.manager
    • sn_privacy.analyst
    • sn_risk.manager
    • sn_grc_workspace.task_admin
    • sn_compliance.attestation_creator
    • sn_grc_reg_change.manager
    • sn_privacy_case.privacy_case_manager
    Privacy Admin

    [sn_privacy.admin]

    		 Privacy administrators administer the privacy policy and compliance management. ​ Users assigned this role are responsible for configuring privacy management solutions as per the privacy team's requirements.​ They perform the following tasks:
    • Configure privacy impact assessments and automated flows to trigger assessments​
    • Configure rules to auto-create processing activities ​out of privacy screening assessments.
    • Monitor the ServiceNow AI Platform dependencies with other applications and modules.
    • Can read the scripts under Processing activity script configurations related list.
    • sn_privacy.manager
    • sn_risk_advanced.ara_admin
    • sn_compliance.admin
    • sn_privacy_case.privacy_case_admin
    Privacy assessment responder

    [sn_privacy.assessment_responder]

    		 Privacy assessment responders can respond to the privacy assessments as key stakeholders. They can also raise privacy requests from the portal.
    • sn_grc_workspace.task_reader
    • canvas_user
    Privacy business user

    [sn_privacy.business_user]

    		 Privacy business users can edit the assigned processing activities in the Discover state, and also respond to the assessments.
    • sn_grc_workspace.task_reader
    • canvas_user
    • sn_privacy_case.privacy_case_business_user
    • sn_grc.business_user
    Privacy developer

    [sn_privacy.developer]

    		 Privacy developers can write custom scripts sn_privacy.admin
    If the Privacy Employee User application is installed, then the following roles are available.
    Privacy employee user

    [sn_privacy_emp.privacy_employee]

    		 Enables your employees to perform the following operations from the Employee Center:
    • Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
    • Report privacy cases related to data privacy policy and regulatory violations.
    • Read and acknowledge organizational privacy policies
    • Create policy exceptions.
    • Create privacy issues.
    • sn_grc.issue_employee_user
    • sn_compliance.policy_ack_employee_user
    • sn_compliance.policy_exception_employee_user
    If the GRC: Privacy Lite User application is installed, then the following roles are considered as lite operators.
    • sn_privacy.assessment_responder
    • sn_privacy_case.privacy_case_business_user
    • sn_privacy.business_user
    • sn_grc_pdr.data_owner_admin

    Users with the lite operator role can do the following:

    • Respond to privacy assessment tasks as business users.
    • Work on the processing activity as a business user when it’s assigned to you to collect the required details.
    • Respond to the processing activity's criticality risk assessments and object-based assessment.
    • Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
    • Work on breach assessments and other privacy case tasks.
    • Respond to the assessment and investigation tasks assigned by the privacy team.
    • Work on personal data rights action tasks to handle data according to the requester's requests.
    • Respond to the assigned control attestations.
    • View, update, and close assigned issues.
    • Create, update, and close assigned remediation tasks.
    • Respond to the assigned manual indicator tasks.