Building your data register
Can you answer these questions? Who’s personal data do you process? Why are you processing it? Do you have a legal right to do this? How long do you keep the data? Exactly, what types of personal data are they? Where is that data? Are you sharing it with any third parties? How did you get it? If you can’t, then you can’t protect the data. Mapping your personal data usage to create your data inventory is the first principle upon which all elements of a data protection programme are built.
You can’t manage it, if you can’t see it
If an individual makes an enquiry about his or her data, or there is a breach in security, you need a detailed map to be able to respond properly. CCH GDPR Compliance’s data mapping features make it easy for you to build out this map and it provides you with the records of processing activities you can use to both demonstrate compliance and ensure you have adequate data protection measures in place.
Successful mapping requires:
- Involving your team – HR, Sales, marketing and IT all have access to personal data and all need to be involved in the mapping process.
- Customising it to your needs
- Mapping data flows to third parties – both processors and controllers, so you know when personal data is leaving your organisation.