Data mapping will be a key part of your compliance project in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline of May 2018.
The Regulation introduces numerous changes – and the change from complying with the current Data Protection Act (DPA) to the GDPR is a complex one – so it’s important to understand what your organisation needs to do to comply.
What does the GDPR say about data mapping?
In a recent blog we spoke about the requirements of Article 30 of the GDPR and how data mapping can be a useful method to meet those requirements.
A data flow map shows the flow of your organisation’s data from one location to another, such as from different business units or suppliers through to customers.
Data mapping allows you to identify any unforeseen or unintended uses. It’s useful for processes where there are many steps or parties involved and you want to ensure that you’ve identified all the components in that process.
Key elements of data mapping
The data mapping process establishes:
- The data items obtained (name, email, address, etc.);
- The format of the data (hard copy, digital copy, etc.);
- Transfer methods (internally or externally, post, telephone, etc.); and
- Where the data is stored (offices, the Cloud, third party, etc.)
There are three key challenges that organisations may face when mapping the flow of information. Check out our recent blog for more information on tackling these challenges >>
Simplify your GDPR data mapping process
The Data Flow Mapping Tool can be used to simplify the process of data mapping and establishes all the key elements listed above.
The tool makes data maps easy to review, revise and update as your organisation evolves, and will accelerate your understanding of how personal data is collected and processed.
The Data Flow Mapping Tool will also help you systematically identify all the stages in a personal data flow that have data protection implications. This will allow you to more quickly determine the appropriate organisational and technical measures necessary to comply with the GDPR.