3 data flow mapping challenges to comply with the GDPR
As part of your GDPR (General Data Protection Regulation) compliance project, your organisation must understand what personal data it processes. To help you do this, you must create a data flow map.
A data flow map shows how your organisation’s data and information moves from one location to another – for example, from suppliers and sub-suppliers through to customers.
By mapping the flow of data, you identify any unforeseen or unintended uses of it. A data flow map also helps you to consider the parties who will be using the information and the potential future uses of any data processed.
Data flow maps should identify key information, including the types of data items processed, how they are collected or transferred (e.g. via a form, online data entry or a phone call) and who is accountable for the personal data.
Challenges in the data flow mapping process
Your organisation’s DPO (data protection officer) should play a key role in producing a DPIA and mapping the flow of information. Creating a data flow map can involve the following three challenges:
- Identifying your personal data
Personal data means any information that identifies or could be used to identify a natural person. This can include name, email address, identification number and location data.
Personal data can be stored in a number of formats, including paper, digital or audio. Your first challenge is likely to be identifying what information is stored in which formats.
- Identifying technical and organisational safety measures
Your second challenge is identifying the types of technology and organisational procedures that protect personal data. Part of this challenge is determining who has access to this information.
- Understanding legal and regulatory requirements
Your final challenge is determining your organisation’s legal and regulatory obligations.
Once you have solved these challenges, you will be in a good position to move forward in your GDPR compliance project, building trust and confidence in your organisation.
Data flow mapping made simple
Vigilant Software’s Data Flow Mapping Tool enables users to create and edit data flow maps using dynamic drawing tools.
You gain full visibility over the personal data you hold, and identify how the data is used, where it’s stored and how it’s transferred.
Additionally, you can easily label data items, formats, transfer mechanisms and locations, as well as highlight the risks associated with each.
But what about the more complex aspects of data flow mapping? In the next section, we look at specific parts of the process and explain how our tool helps.
A version of this blog was originally published on 29 August 2017.
The post 3 data flow mapping challenges to comply with the GDPR appeared first on Vigilant Software – Compliance Software Blog.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software – Compliance Software Blog authored by Chloe Biscoe. Read the original post at: https://www.vigilantsoftware.co.uk/blog/3-data-flow-mapping-challenges-to-comply-with-the-eu-gdpr
