Data Mapping and Data Inventory Tool

General Data Protection Regulation (GDPR) Article 30 requires processing activity record retention. It mandates organizations not only keep records, but also to produce them on demand. To remain in compliance with GDPR Article 30, organizations should follow these best practices.

  • Implement an automated, scalable process and system for all data mapping and data inventory.
  • Provide appropriate stakeholders with access to either department or organization-wide mapping and inventory data and reports.
  • Ensure all data mapping and data inventories are kept current and accurate based on thorough initial investigations and periodic updates to each user of the company's personal data. In case of an audit, reports need to be easily generated.
  • Connect each data mapping and inventory reports with specific individuals, including a history of each report entry and even internal or external communications involved with each report (or even each question). In case of an audit or internal investigation, a complete record of specific answers can be traced from its current information to the initial report.

Following these best practices, an organization can get a holistic view of where their company's data subject resides, how it's used and it flows through internal and external processes. This macro view of an organization's data subject database is essential to understanding unnecessary steps, processes and risk. This macro view also facilitates an effective way to respond to an individual data subject's requests for access, deletion, correction or porting their data to another source.

CENTRL's data mapping and inventory process starts with stakeholders completing questionnaires in regards to their use of the organization's data subject database, storage of the data, where the data is sent both internally and externally plus any other pertinent questions. Customized or standardized questionnaires can be sent to departments or individuals who can redistribute specific questions to other internal and external experts.

All responses are compiled to create a complete data inventory and data map for every internal and external process. Attributes such as the data subject, type of data, data inflows and outflows, location, retention, consents, etc., can be easily mapped, configured and maintained. With the CENTRL GDPR platform, organizations are able to leverage and benefit by using a single, cohesive repository for all GDPR-related content.

Because the CENTRL GDPR platform contains an advanced collaboration component, all related mapping and inventory communications are done within the CENTRL application, again negating the need for emails. Another benefit to CENTRL's collaboration capability is each communication is tied to a department, individual, questionnaire or even specific question, providing a complete record of all communications, in context.

As questionnaires are completed, the CENTRL platform can analyze each answer and flag those answers that violate company policies or require further investigation. Organizations can also automatically send notifications to respondents for monthly, quarterly or annual updates.

Now, organizations can monitor, analyze and report on their data mapping and data inventory with the confidence that they can easily manage a GDPR review. More importantly, the organization has a keen and insightful view of every component of their data subject database.

The CENTRL GDPR data mapping and data inventory solution can be a standalone application or, when used in conjunction with CENTRL's PIA/DPIA and risk management functionalities, can deliver an integrated and powerful GDPR compliance solution.

To learn more about CENTRL's GDPR solutions, talk to one of our GDPR experts today.