Data mapping is closely related to data inventory by helping organizations understand where data is located and its purpose (classification). For the purposes of this definition, data inventory is different than data mapping in that it provides further intelligence on risk, protection, and compliance.
Data mapping involves discovering, classifying, and understanding personal or sensitive data for privacy compliance. Companies need to identify all data sources for personal information, discover what personal information resides on these sources, and analyze how the data flows to and from the sources. Data mapping lays the foundation for recording processing activities and for data protection impact assessments. With the addition of information such as protection and user access, organizations can also determine the risk of personal data for privacy compliance. This enables them to take remediation actions such as masking, encryption, deletion, or strengthening of access controls.
Many tools are available that provide discovery and classification. But many of these tools were not designed for privacy; they lack capabilities for correlating identities across sensitive data and do not provide the intelligence needed for compliance readiness. However, new purpose-built tools for privacy have emerged over the last few years. For example, it provides data discovery and classification, subject registry, lineage, and risk reduction of personal data. These capabilities provide privacy professionals the intelligence they need to understand the personal data landscape, its risk and undertake the most effective remediation.