CHAPTER 7: DATA MAPPING
In order to fully appreciate the scope of the GDPR and your duties in relation to it, it’s essential to understand the personal data you are collecting and that you already hold. This is especially important for DPIAs, for the simple reason that a DPIA relies on having a comprehensive understanding of the data lifecycle.
There’s no explicit requirement for data mapping in the Regulation, but it would be extraordinarily difficult to meet all of the GDPR’s requirements without establishing the lifecycle of personal data in your organisation.
Data mapping is generally considered best practice for any data protection or privacy compliance programme, because you can’t protect your information if you don’t know:
a) that it ...