Data Mapping & Data Privacy Services

Data Mapping for Privacy Compliance

Data mapping is a critical component of most privacy compliance and an important tool for data visualization within an organization. Our data mapping software tools can automate portions of the process to make it quicker and easier to understand where data is collected and if it is being shared. 

What is Data Mapping?

A data map shows the points of collection for data throughout the organization and external sharing with third-party vendors and others. It can be used as the starting point for data protection impact assessments into the consequences of data collection and storage on the privacy rights of the data subjects. It also forms the basis for ensuring adequate record keeping about processing activities . Data maps are often put into visual representations such as graphs or tables in order to understand where the data is being collected, held or transferred.

CyberSecOp Discover Data & Data Mapping Solution

CycerSecOp Discover Data indexes disparate data sources in a single repository to enable leaner collections, discovery of relevant data, and speeds early case assessment and review. Discover Data delivers the tools and the relevant data to empower legal professionals to effectively perform eDiscovery. With one single-source Data Governance solution providing data mapping and delivering actionable data intelligence to empower strategic decisions around data reduction, compliance. Speeding up the data mapping and clacificationg process by compress information governance timelines by ingesting, analyzing, and taking action on petabytes of data in weeks, not months.

The key challenges of data mapping

• Identifying personal data:

  Personal data can reside in a number of locations and be stored in a number of formats, such as paper, electronic and audio. Your first challenge is deciding what information you need to record and in what format.

• Identifying appropriate technical and organisational safeguards

  The second challenge is likely to be identifying the appropriate technology – and the policy and procedures for its use – to protect information while also determining who controls access to it.

• Understanding legal and regulatory obligations

  Your final challenge is determining what your organisation’s legal and regulatory obligations are. As well as the GDPR, this can include other compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.
  Once you’ve completed these three challenges, you’ll be in a position to move forward, gaining the trust and confidence of your key stakeholders.

Data protection & Data Mapping

1. Data Mapping: Map data allow your organization to accurate notification decisions every time and demonstrate a strong culture of compliance to protect your brand reputation. Discover Data provides a centralized location for documenting and managing the relevant aspects of you data mapping program.

2. Assess the risks. Assessment of the risks. Identify the vulnerabilities and what needs to be done to better protect against them. A data inventory should be done so the firm knows the various types of data that it is maintaining.

3. Assign responsibility. Someone at the firm should be responsible for handling privacy issues. There should be a person responsible for data security. Every collection of data should have a person responsible for it (called a “data steward”). Everyone at the firm should know whom to call with any questions about privacy or security.

4. Develop policies and procedures. Develop or improve policies and procedures for how various types of data are to be handled and protected. What are the policies regarding placing data on portable devices? Employee access to data? Encryption? BYOD? Social media use? How is any PHI/PII identified and handled?

5. Implement workforce security awareness training. Develop an annual security training program to ensure that everyone knows how to handle and protect data properly, the importance of privacy and security, and whom to call if there are any questions or concerns. “Security awareness is essential to effective security. There cannot be effective security if users are not trained or do not understand the issues and the applicable security policies.”

6. Develop an incident response plan. Develop a plan for responding to privacy and security incidents. This plan involves how to handle the investigation, who is responsible for which tasks, what laws and regulatory requirements need to be followed, what third party vendors are best to hire to help with certain tasks (forensic investigations, breach notification, etc.). The plan should also involve how to handle PR. Time will be very scare during an incident; it is best to be ready in advance rather than scrambling frantically after a breach. There should also be a plan for how to handle clients whose data is implicated.

• Look into cyber insurance. Organizations should look into insuring against the risks and understand what things are covered and what things are not covered by various policies.

Data mapping and inventory are critical components of any privacy program. Understanding how data is flowing through the organization is a pre-requisite to being able to secure the data and analyze the data for risks. Maintaining an inventory also helps organizations more efficiently respond to data subject rights request to delete, correct, access, or port their data.