Project Management Office (PMO)
Responsible for embedding “Data Protection by Design and by Default” into projects at the outset by including deliverables such as contributing PTA/PIA/DPIA during the appropriate phases of the SDLC process, promoting accountability across projects and ensuring appropriate oversight of vendors/service providers.
Information Technology (IT)
Responsible for considering privacy issues at all phases of the design and development of products and systems and ensuring the organization maintains comprehensive data management procedures, including providing relevant privacy and security training to employees and regularly assessing the privacy and security impact of projects. These responsibilities may be shared with Information Security (IS).
Information Security (IS)
Responsible for and implementing privacy and security measures, such as pseudonymization and encryption and contributing to PTA/PIA/DPIA during the appropriate phases of the SDLC process. These responsibilities may be shared with IT.
Responsible for defining the business requirements with privacy in mind at the outset. Responsible for complying with the organization’s privacy policies, standards and procedures regarding the collection, use, retention and disposal of personal data.
Responsible for overseeing the Privacy Program, including embedding “Data Protection by Design and by Default” into the design and operation of an organization’s IT operational infrastructure and business practices.