Data Mapping: Data Use & Processing Activities
In this tutorial, you'll add your system's privacy activities and by the end of this tutorial, you'll be able to update and manage your system's privacy and processing activities for reporting.
For this tutorial you will need:
- A Fides Cloud or Fides Enterprise account
- The role of
Contributorfor your Fides organization.
Once you've inventoried your system and it's available on the data map, you must complete the system privacy activities information that will enable you to report on compliance, identify risks, and assist with processing privacy requests.
There are three methods to add or update privacy related information for your systems on your data map:
To add privacy information after creating a system manually, select the Data uses tab, from here you can add a Data use selecting the Add a Data Use+ button.
To edit a system, navigate to Data map → View systems where you can search existing systems. Click the kebab menu
... for your chosen system and click Edit.
On the system portal page, select the Data uses tab. From here, you can add or edit a Data use by either clicking on an existing Data use or the Add a Data Use+ button.
The following information should be provided for each data use that applies to this system. Think of data uses as the various purposes for which you process data in the system and the following info as more detail about how the data is processed for this purpose.
- Declaration name (optional): An optional name for this data use declaration.
- Data use: a business purpose for which this system processes data.
- Data categories: the categories of data that are processed by this system for the indicated data use.
- Data subjects: the types of user data being processed by this system for the indicated data use.
- Legal basis for processing: the legal basis under which data is processed by this system for the indicated data use.
- Retention period (days): the period of time for which data is retained by this system for the indicated data use.
Features are descriptions of processing activities, primarily used for compliance with the IAB's Transparency & Consent Framework (TCF) (opens in a new tab).
A dataset reference is a link to a dataset configuration that will typically describe the schema of a data store, often including annotations for data categories. When datasets are referenced by a system, the categories annotated in the dataset will appear in the data map under the applicable data use.
If the system processes special category data for this purpose, as defined by GDPR Article 9 (opens in a new tab), a legal basis for processing these categories of data for this purpose must be declared.
If the system shares data with third parties for this purpose, the following information should be declared:
- Third parties: the types of third parties the data is shared with.
- Shared categories: the specific categories of data that are shared with those parties.
Next you will learn how to accelerate data entry by using Fides Compass, a privacy intelligence dictionary.