You can indicate the actors involved in the implementation of the processing. This can for example be a service or a department of a company (such as the human resources department for example) but also a dedicated person if it's a project (project manager for example).

You also indicate the identity of the representative of the controller, if applicable, of the joint controller(s).

Add a joint controller (co-controller)

To add a joint controller, add a new stakeholder and select "Joint controller".

You will be prompted to add a stakeholder as a joint controller.

Add a Person in Charge of Implementing the Processing

The person in charge of implementing corresponds to the service that is operationally responsible for the processing. This is generally the service that uses the data and carries out the processing activity.

This can be either a service or an individual.

In Dastra, you will need to add an actor.

Add a Representative of the Data Controller

The representative of the data controller corresponds to the operational representative of the data controller (DC). For example, this could be a member of the executive committee (COMEX) or a municipal councilor (with the DC being represented by the mayor).

Add Users to a Processing

Dastra allows you to attach users to a processing.

Note that these are not actors but users (individuals who have an account on the Dastra platform).

The roles thus defined will allow for efficient management and implementation of your processing in Dastra.

Here is a way to define the roles of your users for your processings:

• Validator: This is the user in Dastra who is responsible for validating that the processing and associated elements as indicated in Dastra are valid according to the organization's expectations. This person may be different from the data controller's signatory. For example, it could be a service manager, a DPO, or a DPO relay.

• Implementer: This is the user who is responsible for carrying out the necessary actions on the processing and describing it. This could involve implementing data security measures, managing access, or any other task required to ensure the compliance of the processing. This could be a project manager or a dedicated business manager.

• Informed: This category includes users who need to be kept informed of the progress and status of the processing without having an active role in its validation or implementation. This may include members of the management team, project managers, or other stakeholders who have an interest in the processing.