The practical steps for conducting a data flow audit

A data flow is a transfer of information from one location to another. To keep track of this information, organisations should consider data flow mapping. The process will help an organisation identify key gaps and the necessary steps to establish what data it has and where it flows to.

Organisations need to be aware of what data they process and ensure it is processed in accordance with the law. As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations must map their data and information flows so that their privacy risks can be assessed. Often, organisations process more data then they realise, so it is vital that they implement data flow maps.

To create a data flow map, you will need to carry out a data flow audit. A data flow audit pinpoints all the locations where personal data is hosted, both within and outside your organisation, and where that data flows to and from.

The practical steps for conducting a data flow audit

  1. Document the scope and purposes of processing

To work out the impact a breach may have on the rights and freedoms of data subjects, you need to be aware of what data you have and where it is flowing. If you aren’t, you can’t ensure that data protection is fundamental to your operation.

  1. Add personal data to a data flow map

If your organisation does not currently have one, it is essential that you create a data flow map and include personal data.

  1. Add supporting assets used to process personal data

Supporting assets form part of the control environment, so it is important to know what these are. If your organisation has an unpatched operating system, there is a possibility of a ransomware attack.

  1. Add data transfers

Data transfers will need to be added to show the flow of data between assets. This will ensure that there are no intermediate steps, and enables your organisation to consider the security in the data flows.

  1. Review

The final step for conducting a data flow audit is to review the process and ensure that nothing has been missed.

Creating data flow maps can seem difficult and complex, but it is easy with the right tools.

The Data Flow Mapping Tool simplifies the process, helping you identify the data your organisation processes, understand the flow of data through your organisation and understand why, where and how it is transferred.

Understand your organisation’s personal data flow and meet the terms of the EU GDPR with the Data Flow Mapping Tool >>