The EU General Data Protection Regulation (GDPR) is a new law that will harmonise data protection in the EU and will be enforced from 25 May 2018.
The Regulation will apply to all organisations that process EU residents’ personal data, including organisations outside the EU. UK organisations will need to make sure they are compliant, as the government has confirmed that the Regulation will apply in the UK, despite Brexit.
Data mapping and the GDPR
To comply with the GDPR, organisations must understand what personal data they hold or process. To do so, it is necessary to create a data flow map.
A data flow map shows the flow of your organisation’s data and information from one location to another, e.g. from suppliers and sub-suppliers through to customers. When mapping data flows, the interaction points between all parties should be identified.
By mapping the flow of data, you identify any unforeseen or unintended uses. A data flow map also helps you to consider the parties that will be using the information and the potential future uses of any data processed.
Often organisations are unaware of the full extent of their data flows, so conducting a data flow map can be a challenge. In a recent blog we highlighted three key challenges you may face with data flow mapping.
5 simple steps to creating a data flow map
The brand new Data Flow Mapping Tool simplifies the process of creating data flow maps into five steps:
- Document the scope and purposes of processing
Document every step of each process in your organisation, detailing who carries out each step and what assets are used.
- Add personal data to a data flow map of each process
Start your data flow map by recording what personal data enters into the scope of a given process.
- Add the supporting assets used to process personal data
Map the devices, applications or functions that are used to process personal data.
- Add data transfers to show the flow of data between assets
Mark how data flows between assets, detailing which data items are transferred and the methods used to do so.
- Review the process
View and print reports to share with stakeholders. Update the process map and details whenever changes are made to the process.
The Data Flow Mapping Tool not only simplifies the process of creating data flow maps but also makes them easy to review, revise and update as your organisation evolves.
The tool will help accelerate your understanding of how personal data is collected and processed, which is vital with the compliance deadline fast approaching. It will also help you systematically identify all the stages in a personal data flow that have data protection implications.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software Blog authored by Chloe Biscoe. Read the original post at: https://www.vigilantsoftware.co.uk/blog/5-steps-to-create-a-data-flow-map/