CHAPTER 9: DATA MAPPING
In order to fully appreciate the scope of the GDPR and your duties in relation to it, it is essential to understand the personal data you are collecting and that you already hold. This is especially important for DPIAs, for the simple reason that a DPIA relies on having a comprehensive understanding of the data lifecycle.
There’s no explicit requirement for data mapping in the Regulation, but it would be extraordinarily difficult to meet all of the GDPR’s requirements without establishing the lifecycle of personal data in your organisation. In particular, Article 30’s requirement for a record of processing activities could be nearly impossible to meet without some sort of data mapping process.
Data mapping is generally ...
Get EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.