Expert Advice Community

Data mapping for GDPR

Guest user Created:   Nov 21, 2017 Last commented:   Nov 21, 2017

I'm security manager for a university. I would like some advice on how best to approach data mapping for GDPR. We have compiled an information asset register, but this doesn't take account of all our data footprint, so I'm thinking we need to run a discovery tool to verify the results, but they are quite costly. What are your thoughts?
Expert
Andrei Hanganu Nov 21, 2017

Answer:

Based on the background provided it seems the information asset inventory is limited to IT assets only and performed from the perspective of an IT security manager. This approach most likely won't provide a full picture of the processing activities performed in your organization.

Using a data discovery tool, although useful in some instances, will only provide some information about where the personal data is being stored and how it transits through different systems. The information gathered this way would not be sufficient to build a record of processing activities as required by art. 30 of the EU GDPR.

Our advice would be to start the data mapping process by first identifying the data processing activities based on the processes that are ongoing within your company; for example, in a university this could be gathering information about student onboarding, student lifecycle, HR management, security (IT security and physical security), supplier management, etc.

After identifying the relevant processes and processing activities, the record of processing activities can be filled in with the information required by art. 30 of the EU GDPR. The EU GDPR implementation Toolkit provides guidance on how to perform the data mapping as well as a template containing all the fields needed to ensure compliance with the EU GDPR art. 30 requirements - see the details here: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
