Data flow maps are essential for organisations to understand how sensitive information moves through their business.
For example, you might collect user information in a survey, which is then funnelled into a database that’s used by your marketing team. If any of those respondents become a customer, their information will be shared with the sales team and expanded upon.
In order to stay on top of that information, and to meet your GDPR (General Data Protection Regulation) compliance requirements, you need to map it.
This can be hard work – particularly if it needs to be regularly updated. That’s why many organisations use templates, such as our Data Flow Mapping Tool.
In this blog, we explain how our software simplifies the process of tracking your sensitive information and meeting your data protection requirements.
What is the Data Flow Mapping Tool?
Vigilant Software’s Data Flow Mapping Tool enables users to create and edit data flow maps using dynamic drawing tools.
You gain full visibility over the personal data you hold, and identify how the data is used, where it’s stored and how it’s transferred.
Additionally, you can easily label data items, formats, transfer mechanisms and locations, as well as highlight the risks associated with each.
But what about the more complex aspects of data flow mapping? In the next section, we look at specific parts of the process and explain how our tool helps.
The first step to creating a data flow map is to identify your assets – i.e. information you process and the locations that it flows through, such as databases, hard drives and filing cabinets.
You also need to know who is responsible for managing each asset through its lifecycle. The Data Flow Mapping Tool makes it easy to add these details, ensuring that your map is completed efficiently.
With our tool, you can appoint an asset owner and state whether they are a data controller or data processor – which, when it comes to personal data, will have important ramifications for GDPR compliance.
A successful data flow map not only determines what information is being transferred but also the level of protection it should be given.
That’s where information classification fits in. It’s usually considered in terms of the level of confidentiality each piece of data has – i.e. who is granted permission to access it.
A typical system will have four levels of confidentiality: confidential, restricted, internal and public.
However, these aren’t the only labels you can use to classify information. For example, you might want to state “sensitive” if the information poses a severe risk if misused but access is required by many people in your organisation.
Whatever classification works for the needs of your organisation is acceptable, and the Data Flow Mapping Tool makes it easy to create classifications and label your documents accordingly.
Data retention periods
Any information you process will inevitably flow towards an exit point. That is, you will no longer have a business or lawful reason to hold on to it and must therefore dispose of it.
The time frame between processing information and disposing of it is known as the data retention period. When it comes to personal information, the GDPR states that you must have an idea of what this time frame will be and document it.
You will benefit from doing this with other types of sensitive information too. If you don’t, your systems and data flow maps will soon be stacked with irrelevant data, as you keep adding information but never removing it.
The Data Flow Mapping Tool helps prevent this problem by including a data retention period category for the information you process.
You can track data as it moves through your organisation to its final destination(s), and easily locate and remove it from your systems when the deadline arrives.
Try the Data Flow Mapping Tool for free
We’re currently offering a free two-week trial of our Data Flow Mapping Tool, so why not try out its features?
You can get to grips with its dynamic drawing tools, learn how the GDPR affects your data transfers and generate version-controlled data flow reports in a user-friendly format.