Skip to Main Content
This website uses cookies. View our cookie policy

GDPR Data Mapping

As part of your EU General Data Protection Regulation (GDPR) compliance project, your organisation will need to understand what personal data it processes.

Article 30 of the GDPR requires organisations to “maintain a record of processing activities under [their] responsibility".

That record shall contain all of the following information:

"The controller or the processor […] shall make the record available to the supervisory authority on request."

Data mapping can be a useful method of meeting these requirements.


Key elements of data mapping

Figure 1: Using the Data Flow Mapping Tool to map methods of transferring data


An effective data mapping process will establish:

  • The data items obtained (name, email, address, etc.);
  • The format of the data (hard copy, digital copy, etc.);
  • Transfer methods (internally or externally, post, telephone, etc.); and
  • Where the data is stored (offices, the Cloud, third party, etc.).

Challenges in the data mapping process

Your organisation’s data protection officer (DPO) should play a key role in mapping the flow of information for GDPR compliance. When doing so, you may encounter the following challenges:

  1. Identifying personal data and how it is stored (for each process in your organisation, you can obtain many data items, which can be stored in many formats, including paper, digital and audio).
  2. Identifying technical and organisational safety measures (part of this challenge will be determining who has access to this information).
  3. Understanding legal and regulatory requirements.


How Vigilant Software can help

Vigilant Software’s Data Flow Mapping Tool simplifies the data mapping process, making your maps easy to review, revise and update as your organisation evolves.

The tool establishes all the key elements needed for an effective data mapping process and reduces the challenges your organisation will face in the run-up to the GDPR compliance deadline.


The Data Flow Mapping Tool allows you to understand the flow of personal data through your organisation. It helps you identify those parts of your processes that may need extra measures to protect personal data, and identify and eliminate any process inefficiencies.