The Importance of Mapping Data and Creating Data Inventory
According to Cisco, the total amount of data in the world is predicted to rise to as much as 3Tzb by 2020. Undeniably, data assets have become an invaluable part of the operations of many organisations nowadays.
Some of the core components of most data security and data privacy programs include knowing the type of data that is collected, with whom it is shared, where it is held, and how it is transferred.
The importance of data mapping and creating personal data inventory cannot be overstated. For starters, data mapping creates a visual overview of the data the organisation collects and stores. It also provides a clear insight into the possible risks associated with the location and the data type.
For many organisations, data mapping, also known as data inventory map can be a challenging task. This is especially true if there is no existing map of personal data inventory or if the organisation operates in different locations.
Without doubt, putting together a personal data inventory is a great idea for organisations handling personally identifiable information from consumers. Consider this analogy: If you’re running a retail business and you don’t keep a close watch on your stocks, you can end up disappointing customers, losing profits, and violating some regulations.
Essentially, a personal data inventory is a record of all the identifiable data within the organisation, on their websites, and their affiliates. Undoubtedly, this task can require a humongous effort since many organisations have more personal data than they’re actually aware of.
In line with this, it is important to be clear in terms of what constitutes personal data. Under the General Data Protection Regulation (GDPR), the term covers a vast amount of information including materials that can be used to identify individuals by:
- Phone number
- Banking information
- Identification number
- IP address
That is not all however. The GDPR’s wide reach also means that personal data can also include some not so obvious online identifiers. These special categories of personal data includes information such as:
- Ethnic origin or race
- Ethical or religious beliefs
- Health status
- Political opinions
- Biometric or genetic identity
- Trade union membership status
- Sexual orientation and history
Undeniably, that’s a lot of information to sort through. Looking at things from that perspective, it’s easy to see that the need for a comprehensive data inventory is obvious.
Personal Data Inventory
When compiling inventory, one of the first steps should be determining all the places where data lives within the organisation. This means that apart from the organisation’s website, it also includes looking into affiliated URLs as well as third party services that have collected information on behalf of the organisation.
The following key elements should be included in any thorough data inventory:
- Types of data
- Where the data can be found within the system
- Titles or names of the data owners
- How the data is used
- How data was collected
- Who has access to the data
- How long the data will be stored
- Data subjects
- Policies for preserving or deleting data
A data map can be a beneficial complement to an organisation’s data inventory. As data is gathered, it is ideal to sort them into easy-to-reference and searchable formats that will allow the organisation to easily locate and identify specific data points.
A great data map will also allow users to track the specific ways the organisation gathers data and how it flows once it enters the system. When creating a data map, don’t forget to include the following basics:
- The data source
- Reason it is collected
- People in the organisation that has access to the data
- Plans for its retention or deletion once it has served its purpose