Objective

A robust data protection/privacy programme requires active engagement across the entire organisation.

Setting up a data protection committee allows you to identify risks, take actions and more across your organisation. 


Once it has been decided which key personnel need to be engaged, proceed to set up a governance structure to tell DPOinBOX which departments/ regions should or should not be able to view the various forms and assessments. 


For example, the DPO should be able to see what has been updated by both the Sales Department and the HR Department, but the Sales Department and the HR Department should not be able to see each others' content. 

  


Navigating to the Governance Structure page

Click the 'Governance' icon at the top right of the page, next to your user name. 

Note that only authorised users will have access to this function. 




The governance structure

You may see only one user in the Executive Office tier when you begin, and no other tiers. 

In this case you would need to 

(1) Create the tiers that correspond to the regions, departments or department groups that you want to set up 

(2) Assign users to the appropriate tiers



When setting up the governance tiers, bear in mind that:

  • Users in higher tiers can view forms, assessments, etc. of users in lower tiers 
  • Users in lower tiers cannot view forms, assessments, etc. of users in higher tiers, unless they there is specific assignment (for example in DPIA, Audit or Incident Management) 


(1) Creating tiers that correspond to regions, departments or department groups

You can enter the name of a new department (or region), then click 'Create Department' to create a customised name.



Simply drag and drop the new department or region into the tier that is relevant for your organisation. 




(2) Assign users to the appropriate tiers

Now that you have set up the governance tiers, you will need to assign the key users who will be involved in your Data Protection/Privacy Programme. 


Click the '< Back' button to go back to the Governance page. 


Click the 'Users' button on the tier you want to assign the user. 



For example, to assign a user to the 'Procurement' tier, click the Users button in the Procurement tier. 

 



Then select one or move users for that tier, and click 'Save'



Shared content

To share content between users on the same tier, tick the 'Shared' checkbox. 




The default state is NOT Shared. 


That's it! 

Your users can now login to the system, and their viewing rights will be guided by your governance structure.