Data Mapping

Data Mapping Locates and Analyzes Data for Governance and Compliance

Data mapping is closely related to data inventory by helping organizations understand where data is located and its purpose (classification). For the purposes of this definition, data inventory is different than data mapping in that it provides further intelligence on risk, protection, and compliance.

Data mapping involves discovering, classifying, and understanding personal or sensitive data for privacy compliance. Companies need to identify all data sources for personal information, discover what personal information resides on these sources, and analyze how the data flows to and from the sources. Data mapping lays the foundation for recording processing activities and for data protection impact assessments. With the addition of information such as protection and user access, organizations can also determine the risk of personal data for privacy compliance. This enables them to take remediation actions such as masking, encryption, deletion, or strengthening of access controls.

What questions can data mapping answer?

  1. Where is personal data located? Understand the physical location and technology platform (i.e., Hadoop, SQL Server, file server).
  2. How should the data be classified? (Public, Private, Confidential)
  3. Where does the data flow to and from?
  4. What applications use the data?

What tools are used for data mapping?

Many tools are available that provide discovery and classification. But many of these tools were not designed for privacy; they lack capabilities for correlating identities across sensitive data and do not provide the intelligence needed for compliance readiness. However, new purpose-built tools for privacy have emerged over the last few years. For example, it provides data discovery and classification, subject registry, lineage, and risk reduction of personal data. These capabilities provide privacy professionals the intelligence they need to understand the personal data landscape, its risk and undertake the most effective remediation.

Prevent millions of $ of privacy risks. Learn how.

We take privacy seriously.  While we promise not to sell your personal data, we may send product and company updates periodically. You can opt-out or make changes to our communication updates at any time.