General Data Protection Regulation (GDPR) compliance should be a priority and high on every organisation’s agenda with less than two months until the regulation comes into effect on 25 May 2018. Organisations need to be aware of what data they process and ensure it is processed in accordance with the law.
As part of a GDPR compliance project, organisations must document their data processes, which can be done by mapping their data and information flows. Often, organisations process more data then they realise, so it is vital that they implement data flow maps.
In order to become GDPR-complaint, an organisation will need to conduct a data inventory and data flow audit. Mapping the data flow in, within and from an organisation will make it easier to identify data processing activity risks and if a data protection impact assessment (DPIA) is needed.
The Data Flow Mapping Tool
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you full visibility over the flow of personal data through your organisation.
The tool features a user-friendly interface and a tutorial to help you create and edit maps. A personal data inventory enables you to log details of personal data items involved in a process and generate an inventory. You can then choose the lawful basis for processing, the type of personal data you are processing and the category of the data subject.
Data flow maps can be easily reviewed, edited and updated by multiple people as your organisation evolves.
A version-controlled data flow report can also be created, which puts the information from your data flow maps into an easy-to-read format, ideal for sharing with stakeholders.
Compliance Manager is a tool that enables you to manage information security and data protection requirements. It has been designed to help organisations keep track of their compliance with applicable laws and regulations, which is essential for organisations implementing an ISO 27001-compliant information security management system (ISMS) or complying with the GDPR.
Compliance Manager provides a list of information security clauses from UK law and a collection of curated GDPR articles that require data controllers and processors to take action to achieve compliance. All content is accompanied by implementation guidance.
The Data Flow Mapping Tool and Compliance Manager can be purchased as a bundle, giving organisations a complete overview of their compliance projects. This bundle will allow an organisation to map individual processes to specific legal, contractual and regulatory requirements and the controls used to meet those requirements.