Roles installed with Privacy Management

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles installed with Privacy Management

    The GRC: Privacy Management application in ServiceNow installs specific roles to support privacy compliance tasks at various levels within an organization. These roles enable users to manage privacy assessments, controls, policies, cases, and compliance programs effectively.

    Show full answer Show less

    Roles and Their Responsibilities

    • Privacy Analyst [snprivacy.analyst]: Manages privacy compliance for owned processing activities by assessing activities, managing controls, addressing compliance issues, and monitoring control effectiveness.
    • Privacy Manager [snprivacy.manager]: Oversees organization-level privacy compliance, develops policies, monitors controls, plans privacy programs, supervises teams, and reports compliance status to leadership.
    • Privacy Admin [snprivacy.admin]: Configures privacy management solutions including impact assessments, automated workflows, and rules for processing activities; monitors dependencies and manages scripts.
    • Privacy Assessment Responder [snprivacy.assessmentresponder]: Responds to privacy assessments and raises privacy requests via the portal as key stakeholders.
    • Privacy Business User [snprivacy.businessuser]: Edits assigned processing activities in the Discover state and responds to assessments.
    • Privacy Developer [snprivacy.developer]: Writes custom scripts related to privacy management configurations.
    • Privacy Employee User [snprivacyemp.privacyemployee] (with Privacy Employee User app): Allows employees to request privacy impact assessments, report privacy cases, acknowledge policies, and create policy exceptions and issues from the Employee Center.
    • Lite Operators (with GRC: Privacy Lite User app): Roles such as assessment responder, business user, and data owner admin enable users to respond to assessments, manage processing activities, handle breach and risk assessments, control attestations, remediation tasks, and close issues related to privacy.

    Practical Benefits for ServiceNow Customers

    By assigning these predefined roles, ServiceNow customers can:

    • Clearly delineate privacy responsibilities across analysts, managers, administrators, and other stakeholders.
    • Efficiently manage privacy compliance activities including assessments, controls, policies, and case management.
    • Leverage automation and scripting capabilities to streamline privacy workflows and processing activity management.
    • Empower employees and business users to engage with privacy processes appropriately according to their roles.
    • Support scalable privacy programs with role-based access aligned to organizational privacy governance needs.

    These roles ensure that privacy management tasks are conducted securely, compliantly, and with appropriate oversight, enabling customers to maintain a strong privacy compliance posture using ServiceNow’s GRC: Privacy Management application.

    The GRC: Privacy Management application installs the roles for the privacy analyst, the privacy manager, and the privacy administrator to perform their respective tasks.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    Privacy Analyst

    [sn_privacy.analyst]

    		 Privacy analysts are responsible for managing the privacy compliance posture of the processing activities owned by them.​ They perform the following tasks:
    • Assess the processing activities regularly by sending and reviewing privacy impact assessments​.
    • Work with the management and business users to identify and manage controls related to a processing activity​.
    • Manage and resolve the concerns of business users about compliance-related issues and policy exceptions​.
    • Test and monitor control effectiveness​.
    • sn_grc_workspace.task_reader
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.ara_assessor
    • sn_risk.user
    • sn_compliance.user
    • sn_privacy_case.privacy_case_analyst
    Privacy Manager

    [sn_privacy.manager]

    		 Privacy managers are responsible for managing the overall organization level privacy compliance posture.​ They perform the following tasks:
    • Develop and implement privacy regulations, authority documents,​ and policies.
    • Review privacy regulatory requirements and policies​.
    • Design and monitor controls to deal with violations of privacy regulations and internal policies.​
    • Plan privacy programs and scope entities.
    • Creating privacy impact assessment templates.​
    • Continuously monitor control effectiveness and recommend effective improvements.
    • ​ Supervise the privacy compliance team.​
    • Report to management and the Board of Directors on compliance posture​.
    • Discover who is implementing privacy regulation for the first time in their organization.
    • sn_compliance.manager
    • sn_privacy.analyst
    • sn_risk.manager
    • sn_grc_workspace.task_admin
    • sn_compliance.attestation_creator
    • sn_grc_reg_change.manager
    • sn_privacy_case.privacy_case_manager
    Privacy Admin

    [sn_privacy.admin]

    		 Privacy administrators administer the privacy policy and compliance management. ​ Users assigned this role are responsible for configuring privacy management solutions as per the privacy team's requirements.​ They perform the following tasks:
    • Configure privacy impact assessments and automated flows to trigger assessments​
    • Configure rules to auto-create processing activities ​out of privacy screening assessments.
    • Monitor the ServiceNow AI Platform dependencies with other applications and modules.
    • Can read the scripts under Processing activity script configurations related list.
    • sn_privacy.manager
    • sn_risk_advanced.ara_admin
    • sn_compliance.admin
    • sn_privacy_case.privacy_case_admin
    Privacy assessment responder

    [sn_privacy.assessment_responder]

    		 Privacy assessment responders can respond to the privacy assessments as key stakeholders. They can also raise privacy requests from the portal.
    • sn_grc_workspace.task_reader
    • canvas_user
    Privacy business user

    [sn_privacy.business_user]

    		 Privacy business users can edit the assigned processing activities in the Discover state, and also respond to the assessments.
    • sn_grc_workspace.task_reader
    • canvas_user
    • sn_privacy_case.privacy_case_business_user
    • sn_grc.business_user
    Privacy developer

    [sn_privacy.developer]

    		 Privacy developers can write custom scripts sn_privacy.admin
    If the Privacy Employee User application is installed, then the following roles are available.
    Privacy employee user

    [sn_privacy_emp.privacy_employee]

    		 Enables your employees to perform the following operations from the Employee Center:
    • Proactively request privacy impact assessments (PIAs) for new implementations, applications, and processes from the Employee Center.
    • Report privacy cases related to data privacy policy and regulatory violations.
    • Read and acknowledge organizational privacy policies
    • Create policy exceptions.
    • Create privacy issues.
    • sn_grc.issue_employee_user
    • sn_compliance.policy_ack_employee_user
    • sn_compliance.policy_exception_employee_user
    If the GRC: Privacy Lite User application is installed, then the following roles are considered as lite operators.
    • sn_privacy.assessment_responder
    • sn_privacy_case.privacy_case_business_user
    • sn_privacy.business_user
    • sn_grc_pdr.data_owner_admin

    Users with the lite operator role can do the following:

    • Respond to privacy assessment tasks as business users.
    • Work on the processing activity as a business user when it’s assigned to you to collect the required details.
    • Respond to the processing activity's criticality risk assessments and object-based assessment.
    • Respond to the detailed privacy risk assessments on each risk identified on a processing activity.
    • Work on breach assessments and other privacy case tasks.
    • Respond to the assessment and investigation tasks assigned by the privacy team.
    • Work on personal data rights action tasks to handle data according to the requester's requests.
    • Respond to the assigned control attestations.
    • View, update, and close assigned issues.
    • Create, update, and close assigned remediation tasks.
    • Respond to the assigned manual indicator tasks.