As part of an EU GDPR (General Data Protection Regulation) compliance project, organisations are required to map their data and information flows. However, identifying and keeping track of all the information flowing in and out of your organisation can be challenging.
What can a data flow map help with?
A data flow map can help you identify all the information your organisation holds and how it’s being transferred between other data processors and/or controllers, and allows you to assess privacy risks and vulnerabilities. It can also be used to ensure data subjects are aware of how their data is being processed, which is especially important when fulfilling subject access requests.
The key elements of data mapping
To effectively map data, you need to be able to identify its key elements.
- Understand the information flow
An information flow is a transfer of information from one location to another, whether between organisations or geographical locations.
- Describe the information flow
You must run through the information lifecycle to identify all uses of data (even unforeseen or unintended uses), enabling you to minimise what data needs to be collected.
Ensuring data processors using the information are consulted on the implications is also important, especially when determining potential future uses of information collected. This also allows you to prepare security measures for privacy risks.
- Identify the information’s key elements
  - Data items
  - Transfer method
What tools are available to successfully map your data?
The Data Flow Mapping Tool is a cloud-based application that gives you full visibility over the flow of data through your organisation. It simplifies the process of creating data flow maps, which can be reviewed, revised and updated when needed.
To help manage information security and data protection requirements, you can keep track of your compliance with applicable laws and regulations using the Compliance Manager tool.
Integrating the Data Flow Mapping Tool with Compliance Manager allows you to track your compliance with the GDPR articles, as well as your ISMS (information security management system) requirements.