What Are GDPR Data Maps?
As part of GDPR compliance, organizations are required to map their data and information flows in order to assess their privacy and to form part of their registration documentation. To map its data effectively, an organization needs to understand the information flow and identify its key elements.
Understanding The Information Flow
An information flow is a transfer of information from one location to another, including the following:
- Inside to outside the European Union
- 3rd Parties through to customers
- Applications used to process personal and sensitive information
- Internally between departments
Identifying Key Elements
Element | Description |
---|---|
Data Items | What kind of data (name, address, email, etc.) is being processed and the category (criminal records, health data, location data, etc.) that it falls into. |
Formats | The format that the data is stored in (hardcopy, digital, mobile phones, etc.) |
Transfer Method | How the data is collected (phone, social media, mail, etc.) and how it is shared internally and externally |
Location | What locations are involved with data flow (office, cloud 3rd parties, etc.) |
Accountability | Who is accountable for the personal data. This may change as data flows throughout the organization |
Access | Who has access to the data. |
Lawful Basis | Identify the lawful basis for processing the data |
Data Map Flow Chart Example
Data Map Diagram Example