Data mapping under the EU GDPR
To comply with the EU General Data Protection Regulation (GDPR), organisations need to map their data flows to assess privacy risks.
Data flow maps form part of your Article 30 documentation. They are also an essential first step in completing a data protection impact assessment (DPIA).
Creating data flow maps
To effectively map your data, you need to understand the information flow, describe it and identify its key elements.
1. Understand the information flow
An information flow is a transfer of information from one location to another, for example:
- From inside to outside the European Union; or
- From suppliers and sub-suppliers through to customers.
The key challenges of data mapping
Identifying personal data:
Personal data can reside in a number of locations and be stored in a number of formats, such as paper, electronic and audio. Your first challenge is deciding what information you need to record and in what format.
Identifying appropriate technical and organisational safeguards:
You need to protect information and determine who controls access to it. To do this, you'll need to identify the appropriate technology, and the policy and procedures for its use.
Understanding legal and regulatory obligations:
Your legal and regulatory obligations may extend beyond the GDPR. They can include other compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.
For further information on data flow mapping under the GDPR, download our free green paper.
Map your data and become GDPR compliant with IT Governance
We have a selection of tools and software that can support your organisation's GDPR compliance, no matter how far along you are in your project.
To gain full visibility over the flow of personal data through your organisation and meet the requirement to maintain a record of processing activities under Article 30 of the EU GDPR (General Data Protection Regulation), we recommend the Data Flow Mapping Tool.
This tool simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes and why, where it is held and how it is transferred. The Data Flow Mapping Tool is a Cloud-based application, licensed for up to five users, that can be accessed via any compatible browser.