GDPR Data Maps


What Are GDPR Data Maps?

As part of GDPR compliance, organizations are required to map their data and information flows, both to assess their privacy and to form part of their registration documentation. To map its data effectively, an organization needs to understand the information flow and identify its key elements.

Understanding The Information Flow

An information flow is a transfer of information from one location to another, including the following:

  • From inside to outside the European Union
  • From third parties through to customers
  • Through applications used to process personal and sensitive information
  • Internally between departments

Data Mapping Requirements

Identifying Key Elements

| Element | Description |
| --- | --- |
| Data Items | What kind of data (name, address, email, etc.) is being processed and the category (criminal records, health data, location data, etc.) that it falls into. |
| Formats | The format that the data is stored in (hardcopy, digital, mobile phones, etc.) |
| Transfer Method | How the data is collected (phone, social media, mail, etc.) and how it is shared internally and externally |
| Location | What locations are involved with data flow (office, cloud 3rd parties, etc.) |
| Accountability | Who is accountable for the personal data. This may change as data flows throughout the organization |
| Access | Who has access to the data. |
| Lawful Basis | Identify the lawful basis for processing the data |

Data Map Flow Chart Example


Data Map Diagram Example
