Data Flow Mapping

A prime requirement of the regulation is to know what personal data you have, what you use it for, and how it moves around the business and with partners.

Service Description

A data flow shows where information enters the enterprise domain, moves through its systems and processes, and eventually is archived or deleted.
Mapping processes involves interviewing department members and creating a clear picture of how data moves logically and physically around the organisation and to 3rd parties.
The output of the process is a document that explains the process step by step, and diagrams showing how data flows in a logical representation as well as how it physically moves, such as in the cross-functional diagram below.

Why Does the Regulation Want us to Map Data Flows?

The heart of the GDPR is knowing what personal data you have and how you use it. What comes as a surprise to many businesses is that it is actually very difficult to answer that question. In fact, knowing what data you have and how it is used is the sometimes the most difficult part of meeting the regulation.
Conducting a data flow mapping exercise can be a substantial task to undertake for compliance, but it’s also one where the return on investment can be immediate, in real cash savings.

A client of ours discovered through this process that they were sending an engineer up to 5 times during a process, where they in fact could achieve the same results using just one trip, if it was better organised.

Most businesses find large amounts of redundant, duplicate or unwanted data that they can safely delete, saving on the costs of disk space, security, backup processes, and bandwidth. Not to mention the increased risk associated with holding more data than is needed.

How We Can Help

We can help you determine what gaps you have in your data processing register, and then create a plan on what data flows most urgently need mapping and how that can be accomplished.
Contact us using the 'Contact us' button below and we can have a no-pressure conversation on how this might work for you.

Got Questions?

Contact us and let us know how we can help you
Contact us!

We're a group of privacy and security consultants with experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures. 

Copyright 2018 UKGDPR Limited, a company registered in England, company number: 11002759