TrustArc Blog

EU General Data Protection Regulation (GDPR) Series: Implement – Data Mapping Analysis

January 05, 2017


For organizations that operate globally, complying with the EU GDPR will likely require significant investment in personnel, process change, and new tools. To meet the compliance deadline, companies are actively preparing now. TRUSTe has developed a four-phase process to help guide you on the path to compliance. During November, December, and January, we will provide you with a series of tips to use along that path.

See Tip No. 4: Build Consensus for GDPR Compliance by executing an awareness campaign 

TIP NO. 5: Uncover Risk by Conducting a Comprehensive Data Mapping Analysis 

To ensure you have uncovered all of the risks and appropriately prioritized your plan, you must have a solid understanding of your organization’s complete data lifecycle.

The process to document this lifecycle is referred to as a data flow analysis or data mapping.

Data mapping will require that you talk to the teammates who know where data resides at each of these stages, both across the enterprise and with third parties:

  • collection
  • storage
  • usage
  • transfer
  • processing
  • disposal

The IAPP / TRUSTe benchmarking study “Preparing for the GDPR: DPOs, PIAs, and Data Mapping” found that many organizations face similar barriers to completing a data inventory and mapping project for privacy purposes:

  • lack of internal resources / staff: 58%
  • it’s a low priority for the organization: 48%
  • too busy; focused on other projects: 32%
  • these projects are done by others: 30%
  • lack of budget for external consultants or suppliers: 30%
  • it cannot be maintained so no reason to start: 12%
  • don’t know: 10%

Don’t let these reasons stop your organization from uncovering risk. If you need help with conducting comprehensive data mapping, TRUSTe offers Data Inventory and Mapping solutions. Contact us for more information.