Roles installed with Privacy Management

  • Release version: Yokohama
  • Updated July 31, 2025

    Summary of Roles Installed with Privacy Management

    The GRC: Privacy Management application in ServiceNow Yokohama release installs specific roles designed to support privacy compliance tasks throughout an organization. Each role has distinct responsibilities and permissions tailored to ensure effective privacy management, assessment, and administration. Understanding these roles helps you assign appropriate access and streamline privacy workflows.


    Key Roles and Their Responsibilities

    • Privacy Analyst [sn_privacy.analyst]: Manages privacy compliance for owned processing activities. Tasks include conducting privacy impact assessments, managing controls, resolving compliance concerns, and monitoring control effectiveness. This role contains multiple sub-roles related to risk and compliance tasks.
    • Privacy Manager [sn_privacy.manager]: Oversees organization-wide privacy compliance. Responsible for developing policies, reviewing regulatory requirements, designing controls, planning privacy programs, monitoring control effectiveness, supervising the privacy team, and reporting to management.
    • Privacy Admin [sn_privacy.admin]: Configures and administers privacy management solutions based on privacy team needs. Tasks include setting up impact assessments, automating processing activity creation, monitoring AI platform dependencies, and managing script configurations.
    • Privacy Assessment Responder [sn_privacy.assessment_responder]: Responds to privacy assessments as a key stakeholder and can raise privacy requests via the portal.
    • Privacy Business User [sn_privacy.business_user]: Can edit assigned processing activities in the Discover state and respond to assessments.
    • Privacy Developer [sn_privacy.developer]: Authorized to write custom scripts and inherits privacy admin permissions.
    • Privacy Employee User [sn_privacy_emp.privacy_employee] (if Employee User app installed): Enables employees to request privacy impact assessments, report privacy cases, acknowledge policies, create policy exceptions, and raise privacy issues from the Employee Center.
    • Lite Operator Roles (if GRC: Privacy Lite User app installed): Includes a subset of roles such as assessment responders and business users who can perform key privacy tasks like responding to assessments, handling breach assessments, managing personal data rights actions, and working on remediation tasks.

    Practical Implications for ServiceNow Customers

    Assigning these roles appropriately ensures that privacy compliance processes are efficiently managed at various organizational levels—from analysts handling specific data processing activities to managers overseeing the entire compliance posture. Admin roles enable configuration and automation, improving operational efficiency. Employee and lite user roles expand participation and task handling, supporting broad organizational engagement in privacy management.

    By leveraging these predefined roles, you can maintain clear separation of duties, enhance compliance monitoring, and streamline privacy-related workflows within your ServiceNow environment.

    The GRC: Privacy Management application installs the roles for the privacy analyst, the privacy manager, and the privacy administrator to perform their respective tasks.

    Table 1. Roles and their descriptions
    Columns: Role title [name], Description, Contains roles

    Privacy Analyst [sn_privacy.analyst]

    Description: Privacy analysts are responsible for managing the privacy compliance posture of the processing activities owned by them. They perform the following tasks:
    • Assess the processing activities regularly by sending and reviewing privacy impact assessments.
    • Work with the management and business users to identify and manage controls related to a processing activity.
    • Manage and resolve the concerns of business users about compliance-related issues and policy exceptions.
    • Test and monitor control effectiveness.

    Contains roles:
    • sn_grc_workspace.task_reader
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.ara_assessor
    • sn_risk.user
    • sn_compliance.user
    • sn_privacy_case.privacy_case_analyst

    Privacy Manager [sn_privacy.manager]

    Description: Privacy managers are responsible for managing the overall organization-level privacy compliance posture. They perform the following tasks:
    • Develop and implement privacy regulations, authority documents, and policies.
    • Review privacy regulatory requirements and policies.
    • Design and monitor controls to deal with violations of privacy regulations and internal policies.
    • Plan privacy programs and scope entities.
    • Create privacy impact assessment templates.
    • Continuously monitor control effectiveness and recommend effective improvements.
    • Supervise the privacy compliance team.
    • Report to management and the Board of Directors on compliance posture.
    • Discover who is implementing privacy regulation for the first time in their organization.

    Contains roles:
    • sn_compliance.manager
    • sn_privacy.analyst
    • sn_risk.manager
    • sn_grc_workspace.task_admin
    • sn_compliance.attestation_creator
    • sn_grc_reg_change.manager
    • sn_privacy_case.privacy_case_manager

    Privacy Admin [sn_privacy.admin]

    Description: Privacy administrators administer the privacy policy and compliance management. Users assigned this role are responsible for configuring privacy management solutions as per the privacy team's requirements. They perform the following tasks:
    • Configure privacy impact assessments and automated flows to trigger assessments.
    • Configure rules to auto-create processing activities out of privacy screening assessments.
    • Monitor the ServiceNow AI Platform dependencies with other applications and modules.
    • Read the scripts under the Processing activity script configurations related list.

    Contains roles:
    • sn_privacy.manager
    • sn_risk_advanced.ara_admin
    • sn_compliance.admin
    • sn_privacy_case.privacy_case_admin

    Privacy assessment responder [sn_privacy.assessment_responder]

    Description: Privacy assessment responders can respond to the privacy assessments as key stakeholders. They can also raise privacy requests from the portal.

    Contains roles:
    • sn_grc_workspace.task_reader
    • canvas_user

    Privacy business user [sn_privacy.business_user]

    Description: Privacy business users can edit the assigned processing activities in the Discover state, and also respond to the assessments.

    Contains roles:
    • sn_grc_workspace.task_reader
    • canvas_user
    • sn_privacy_case.privacy_case_business_user
    • sn_grc.business_user

    Privacy developer [sn_privacy.developer]

    Description: Privacy developers can write custom scripts.

    Contains roles:
    • sn_privacy.admin

    If the Privacy Employee User application is installed, then the following roles are available.
    Privacy employee user [sn_privacy_emp.privacy_employee]

    Description: Enables your employees to perform the following operations from the Employee Center:
    • Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
    • Report privacy cases related to data privacy policy and regulatory violations.
    • Read and acknowledge organizational privacy policies.
    • Create policy exceptions.
    • Create privacy issues.

    Contains roles:
    • sn_grc.issue_employee_user
    • sn_compliance.policy_ack_employee_user
    • sn_compliance.policy_exception_employee_user

    If the GRC: Privacy Lite User application is installed, then the following roles are considered as lite operators.
    • sn_privacy.assessment_responder
    • sn_privacy_case.privacy_case_business_user
    • sn_privacy.business_user
    • sn_grc_pdr.data_owner_admin

    Users with the lite operator role can do the following:

    • Respond to privacy assessment tasks as business users.
    • Work on the processing activity as a business user when it’s assigned to you to collect the required details.
    • Respond to the processing activity's criticality risk assessments and object-based assessment.
    • Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
    • Work on breach assessments and other privacy case tasks.
    • Respond to the assessment and investigation tasks assigned by the privacy team.
    • Work on personal data rights action tasks to handle data according to the requester's requests.
    • Respond to the assigned control attestations.
    • View, update, and close assigned issues.
    • Create, update, and close assigned remediation tasks.
    • Respond to the assigned manual indicator tasks.
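
Because roles in Table 1 contain other roles, a single assignment can confer far more than its title suggests. The following added example (plain JavaScript, not ServiceNow code and not part of the original documentation) expands the containment edges listed in the table into the full set of roles a user effectively holds, which is useful for least-privilege and separation-of-duties reviews. The function names are hypothetical, and only containment shown on this page is modeled.

```javascript
// Containment edges copied from Table 1 (role -> roles it contains).
// Roles outside the table may contain further roles that are not shown here.
const CONTAINS = {
  "sn_privacy.analyst": ["sn_grc_workspace.task_reader",
    "sn_risk_advanced.ara_approver", "sn_risk_advanced.ara_assessor",
    "sn_risk.user", "sn_compliance.user", "sn_privacy_case.privacy_case_analyst"],
  "sn_privacy.manager": ["sn_compliance.manager", "sn_privacy.analyst",
    "sn_risk.manager", "sn_grc_workspace.task_admin",
    "sn_compliance.attestation_creator", "sn_grc_reg_change.manager",
    "sn_privacy_case.privacy_case_manager"],
  "sn_privacy.admin": ["sn_privacy.manager", "sn_risk_advanced.ara_admin",
    "sn_compliance.admin", "sn_privacy_case.privacy_case_admin"],
  "sn_privacy.assessment_responder": ["sn_grc_workspace.task_reader", "canvas_user"],
  "sn_privacy.business_user": ["sn_grc_workspace.task_reader", "canvas_user",
    "sn_privacy_case.privacy_case_business_user", "sn_grc.business_user"],
  "sn_privacy.developer": ["sn_privacy.admin"],
  "sn_privacy_emp.privacy_employee": ["sn_grc.issue_employee_user",
    "sn_compliance.policy_ack_employee_user",
    "sn_compliance.policy_exception_employee_user"],
};

// Iterative walk over the containment graph; `seen` also stops on cycles.
function effectiveRoles(assigned, graph = CONTAINS) {
  const seen = new Set();
  const stack = [...assigned];
  while (stack.length > 0) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(graph[role] || []));
  }
  return seen;
}

// Roles a user holds only through containment (not granted directly).
function inheritedOnly(assigned, graph = CONTAINS) {
  const direct = new Set(assigned);
  return [...effectiveRoles(assigned, graph)].filter((r) => !direct.has(r)).sort();
}

// Table roles whose assignment also confers `target`, for access reviews.
function rolesGranting(target, graph = CONTAINS) {
  return Object.keys(graph)
    .filter((r) => r !== target && effectiveRoles([r], graph).has(target))
    .sort();
}

console.log(inheritedOnly(["sn_privacy.developer"]));
```

Assigning sn_privacy.developer alone expands, through sn_privacy.admin and sn_privacy.manager, to every analyst, manager, and admin role in the table, so treat it as the most privileged grant when reviewing assignments.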