As part of your GDPR (General Data Protection Regulation) compliance project, you must be able to understand what personal data you process. Specifically, Article 30 states that you must “maintain a record of processing activities under [your] responsibility”.
To achieve this, organisations must create a data flow map. This shows the flow of your organisation’s data and information from one location to another, e.g. from suppliers and sub-suppliers through to customers. When mapping data flows, the interaction points between all parties should be identified.
By mapping the flow of data, you identify any unforeseen or unintended uses. A data flow map also helps you to consider the parties that will be using the information and the potential future uses of any data processed.
Often organisations are unaware of the full extent of their data flows, so conducting a data flow map can be a challenge. In a recent blog we highlighted three key challenges you may face with data flow mapping.
5 simple steps to creating a data flow map
The brand new Data Flow Mapping Tool simplifies the process of creating data flow maps into five steps:
1. Document the scope and purposes of processing
Document every step of each process in your organisation, detailing who carries out each step and what assets are used.
2. Add personal data to a data flow map of each process
Start your data flow map by recording what personal data enters into the scope of a given process.
3. Add the supporting assets used to process personal data
Map the devices, applications or functions that are used to process personal data.
4. Add data transfers to show the flow of data between assets
Mark how data flows between assets, detailing which data items are transferred and the methods used to do so.
5. Review the process
View and print reports to share with stakeholders. Update the process map and details whenever changes are made to the process.
Data flow mapping made easy
Our Data Flow Mapping Tool not only simplifies the process of creating data flow maps but also makes them easy to review, revise and update as your organisation evolves.
The tool will help accelerate your understanding of how personal data is collected and processed, which is vital with the compliance deadline fast approaching.
It will also help you systematically identify all the stages in a personal data flow that have data protection implications.