Data Flow Mapping is the process of documenting the flow of information from one physical location to another. It enables you to track data from its entry point into your organisation, right through to its exit point – and everywhere in between. Getting a handle on how, where and why data moves through your organisation is central to complying with GDPR. Let me explain why.
Risk is one of the critical themes of GDPR. It is mentioned over 60 times in the regulation. With such a keen focus on risk, you need to be able to properly risk assess your data, your systems and your processes. Until data flows have been assessed and mapped they cannot be effectively secured against known risks – which will lead to data breaches and large fines from the Information Commissioner’s Office (ICO). With fines due to be reaching up to 20 million Euros, or 4% of turnover (whichever is higher), you really cannot afford to take this lightly.
For an over of GDPR, read our blog: What is GDPR?
So how will Data Flow Mapping help your business comply with GDPR?
Data Flow Mapping will do a number of things that will help you to get compliant with GDPR. Not least of all because, should the worst happen and a data breach occurs, being able to show the ICO evidence that you have done things like Data Flow Mapping to reduce those critical risk levels will mean lower fines and less harsh sanctions.
Data Flow Mapping will also:
- Produce a data inventory of your organisation’s Personally Identifiable Information (PII)
- Create a picture of your data’s origins, paths, exit points, access points and storage locations.
- Improve your data lifecycle management.
Once completed, it will become clear where the risk points are, and how you can reduce them. For example, you’ll be able to discover if a department has access to data that it shouldn’t, or whether you are holding on to data for too long if it doesn’t have a clear exit path. As we have already said, reducing these risks is what becoming GDPR compliant is all about.
Later this week we’ll be talking in more detail about Data Flow Mapping, how to get the most out of it, and the best approaches to use with it. Keep your eyes peeled.
GDPR is coming, and will impact every organisation. With less than a year to go its important that people get a handle on their data, or risk the ICO’s wrath. If you’d like to know more about how Data Flow Mapping can help you become GDPR compliant, talk to us today.