What are the key privacy components of data mapping?

For instance, GDPR (article 30 and 36) requires organizations to document their processing and conduct periodic data protection impact assessments (DPIA). Without a comprehensive data map, organizations can't comply with these requirements.

A comprehensive data map should have the following basic set of attributes:

  1. Data inventory - What data is collected?
  2. Storage - Where is the data stored? Is it secure and encrypted?
  3. Purpose - Why the data collected for?
  4. Use - Who has access to the data? Who is using the data?
  5. Flow - Where does the data flow? Who do we share outside the organization?
  6. Lifespan - When was it created? How long will data be stored? How will it be disposed of?
  7. Sensitive data - What sensitive /personal data does the data source hold?
  8. Data lineage - What data sources were combined or transformed to derive a data asset?
  9. Additional metadata that is relevant to data protection -
  10. What are the categories of data subject (customer, employee, partner, contractor) contained?
  11. What is the geographical location of data subjects in the data?
  12. Does it have a minor's data?

Download Example (1000 Sample Data) for testing

Click here to download csv

Prevent millions of $ of privacy risks. Learn how.

We take privacy seriously.  While we promise not to sell your personal data, we may send product and company updates periodically. You can opt-out or make changes to our communication updates at any time.