IN THIS CHAPTER

Mapping how you and your organization use data

Choosing a data management system

Maintaining written records of your data processing

The very first step of your GDPR compliance journey (after reading this book!) is to map the data flow in and out of your organization in order to fully understand the uses of the data. This key step is one that you cannot skip.

In this chapter, I first explain how to complete your data inventory and then show you how it informs a number of your other compliance documents — particularly, your Privacy Notice.

The data inventory will also help you, as a data controller, with your obligations under these two articles of the GDPR:

• Article 30: Mandates you to keep records of your data processing. (More on that topic later in this chapter.)
• Article 15: Mandates you to comply with data subject access requests (DSARs), where data subjects have the right to know exactly which of their personal data you are storing. (I talk more about DSARs in Chapter 14.)

Understanding the Rationale for Data Inventory

A key part of the process of becoming GDPR-compliant is understanding the data flow into and out ...