Data Mapping Locates and Analyzes Data for Governance and Compliance
Data mapping is closely related to data inventory by helping organizations understand where data is located and its purpose (classification). For the purposes of this definition, data inventory is different than data mapping in that it provides further intelligence on risk, protection, and compliance.
Data mapping involves discovering, classifying, and understanding personal or sensitive data for privacy compliance. Companies need to identify all data sources for personal information, discover what personal information resides on these sources, and analyze how the data flows to and from the sources. Data mapping lays the foundation for recording processing activities and for data protection impact assessments. With the addition of information such as protection and user access, organizations can also determine the risk of personal data for privacy compliance. This enables them to take remediation actions such as masking, encryption, deletion, or strengthening of access controls.
What questions can data mapping answer?
- Where is personal data located? Understand the physical location and technology platform (i.e., Hadoop, SQL Server, file server).
- How should the data be classified? (Public, Private, Confidential)
- Where does the data flow to and from?
- What applications use the data?
What tools are used for data mapping?
Many tools are available that provide discovery and classification. But many of these tools were not designed for privacy; they lack capabilities for correlating identities across sensitive data and do not provide the intelligence needed for compliance readiness. However, new purpose-built tools for privacy have emerged over the last few years. For example, Integris provides data discovery and classification, subject registry, lineage, and risk reduction of personal data. These capabilities provide privacy professionals the intelligence they need to understand the personal data landscape, its risk and undertake the most effective remediation.
Here are additional resources to learn more about data mapping:
- Dataversity, “So, what is data mapping and why is it the key to GDPR compliance?”
- UK Information Commissioner’s Office, “How do we document our processing activities?”
You just learned about Data Mapping, now explore related terms like Data Flow Diagrams, Data Lineage, Personal Data, Data Privacy, and Data Classification.