Following the approval of the European Union General Data Protection Regulation (EU GDPR) just last week, many companies are starting to gear up for compliance with the widespread requirements introduced by this new law.
Data as a commodity
With data becoming a critical commodity for the survival of any business, the EU GDPR presents significant challenges for most organisations.
Organisations will need to review their operational and technical measures while considering the new regulatory requirements.
Total transformation on the cards
Although a two-year transition process may seem like a reasonably long time to prepare, organisations will need to completely transform the way they collect and use personal information.
Many astute privacy professionals have already started to implement measures to get their houses in order before the estimated June 2018 deadline.
Data flow audit
An important first step in such an exercise is to review your organisation’s data flows. This requires auditing the type of data being held, where the data resides, who ‘owns’ the data, who has access to the data, and with whom the data is shared.
Often, however, organisations are not aware of the full extent of their data flows, simply because they don’t have total visibility over the data being collected and processed, or the purpose of such collection and/or processing activities.
That’s where data mapping comes into play. Data mapping involves the mapping out of all the organisations’ data flows, which is a process of drawing up an extensive inventory of the data to get a comprehensive understanding of where the data flows from, within and to.
Any company preparing for the EU GDPR should undertake a data mapping exercise as part of their early preparations and is usually an essential ingredient of any robust data protection programme.
By taking this all-important step, companies will have better visibility of their data, enabling them to come up with effective ways in which to protect the information and mitigate privacy-related risks.
To gain full visibility over the flow of personal data through your organisation and to meet the requirements of the GDPR, take a look at the Data Flow Mapping Tool.
This tool simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes and why, where it is held and how it is transferred.