A data flow is the transfer of information from one location to another – for example, from suppliers and sub-suppliers through to customers.
It’s essential that organisations map these flows in order for them to keep data secure and meet data protection requirements, such as the GDPR (General Data Protection Regulation).
Even small organisations process vast amounts of data – probably more data than they realise – and it can be difficult to keep track of it, especially as the organisation evolves and grows.
Data flow maps are therefore designed to capture all the sensitive information you process, why you process it, where you store it, how you transfer it and who you transfer it to.
With all these documented and graphed, you’ll have a clear understanding of the way you use data and the defence measures you need to implement.
But where should you begin when creating your data flow map? We provide our three-step guide in this blog.
1. Gather information
To make a data flow map, you first need to gather information about how you collect and use information. This includes the format the data is held on, information assets (databases, hardware, etc.), transfer methods and the locations where data is stored.
You can begin by inspecting process documentation (where available), observing processing activities, and talking to the people who are responsible for the processing to find out exactly what is taking place.
The objective is to identify all points at which data enters or leaves the system, all points at which processing, storage or transfer of the data takes place, and the nature of the data used or processed at each point in the data flow.
If you have multiple processes that capture and use personal data – for example, an e-commerce website, a telephone ordering system and a service desk – then each process should be captured separately.
2. Create a rough map
Before developing a complete map, many organisations sketch out a simple, visual representation on paper as they gather information.
This enables them to highlight the connections between each processing stage and quickly add, remove or modify assets, data items and transfers as they improve their understanding of the processing.
These paper maps can be a little messy, but they are just the starting point for your formal data flow maps; the information will be transferred to a more durable and accessible medium in the next stage.
3. Produce a digital version of the map
Once you’ve finished you draft map, it’s time to recreate it in an electronic format.
Many organisations use spreadsheets or graphing tools. While the former has plenty of space for detailed data and descriptions, and the latter makes visual mapping relatively easy, each lacks the benefits provided by the other.
Attempting to combine them means juggling two separate, often very complex documents, which again makes them harder to update and maintain.
Rather than trying to find workarounds or shoehorn your draft maps into systems that are unsuitable, the best way to capture data flow maps is to use a tool specifically designed for the task.
It should have an integrated asset database, the ability to capture and store large amounts of information in a controlled manner and a visual interface that makes it easy to understand, use and maintain.
That’s where Vigilant Software’s Data Flow Mapping Tool can help. The tool’s integrated asset database enables you to easily add information assets individually or in bulk.
Meanwhile, the visual interface makes it easy to add or modify transfers, processes, assets, data inputs and data types with only a few clicks, and built-in logic highlights transfers to third countries that could pose a risk to the rights and freedoms of data subjects.
It captures all the key information from a map in a high-quality, professional data processing report – ideal for stakeholders and supervisory authorities, and a perfect foundation for your GDPR compliance practices.
We’re currently offering a free 30-day trial of our Data Flow Mapping Tool. Simply select how many licenses you require and proceed to the checkout.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software – Compliance Software Blog authored by Luke Irwin. Read the original post at: https://www.vigilantsoftware.co.uk/blog/where-to-begin-when-creating-your-data-flow-map