A recent report has highlighted that a significant number of organisations rely on data mapping to help with their EU General Data Protection Regulation (GDPR) compliance projects.
The IT Governance GPDR Report 2017 showed that 27.8% of organisations rely on data audits or data mapping. The report also revealed that 12.9% of organisations rely on risk assessment software.
The report provides an insight into how organisations are progressing with GDPR compliance, the challenges they face and the measures they are adopting.
Alan Calder, IT Governance’s founder and executive chairman, said: “Our research shows that organisations are still planning or have just started to work towards GDPR compliance. The lack of skills and resources required to help organisations achieve GDPR compliance is one of the main challenges faced by organisations. Results show that professionals are struggling with conducting risk assessments, creating policies and procedures, and conducting a data protection impact assessment or a data audit.”
As part of your GDPR compliance project, your organisation must understand what personal data it processes. To do so, it’s necessary to create a data flow map that shows the flow of your organisation’s data and information from one location to another, such as from suppliers and sub-suppliers through to customers.
By mapping the flow of data, you will be able to identify any unforeseen or unintended uses of it, and also consider the parties who will use the information and the potential future uses of any data processed.
Often organisations are not aware of the full extent of their data flows, so conducting a data flow map can be a challenge. In a recent blog we highlighted three key challenges you may face with data flow mapping.
How Vigilant Software can help
Our Data Flow Mapping Tool simplifies the process of creating data flow maps, making them easy to review, revise and update as your organisation evolves.
The tool will help accelerate your understanding of how personal data is collected and processed, as well as systematically identify all the stages in a personal data flow that have data protection implications. This will allow you to more quickly determine the appropriate administrative and technical controls necessary to comply with the GDPR.