Data Mapping: Data Use & Processing Activities

Introduction

In this tutorial, you'll add your system's privacy activities and by the end of this tutorial, you'll be able to update and manage your system's privacy and processing activities for reporting.

Prerequisites

For this tutorial you will need:

• A Fides Cloud or Fides Enterprise account
• The role of Owner or Contributor for your Fides organization.

Adding data uses and processing activities

Once you've inventoried your system and it's available on the data map, you must complete the system privacy activities information that will enable you to report on compliance, identify risks, and assist with processing privacy requests.

There are three methods to add or update privacy related information for your systems on your data map:

1. During manual system creation
2. From the system management portal

Adding system privacy information during system creation

To add privacy information after creating a system manually, select the Data uses tab, from here you can add a Data use selecting the Add a Data Use+ button.

Editing system privacy information from the system portal

To edit a system, navigate to Data map → View systems where you can search existing systems. Click the kebab menu ... for your chosen system and click Edit.

On the system portal page, select the Data uses tab. From here, you can add or edit a Data use by either clicking on an existing Data use or the Add a Data Use+ button.

Completing data use declarations

The following information should be provided for each data use that applies to this system. Think of data uses as the various purposes for which you process data in the system and the following info as more detail about how the data is processed for this purpose.

Data use declaration

• Declaration name (optional): An optional name for this data use declaration.
• Data use: a business purpose for which this system processes data.
• Data categories: the categories of data that are processed by this system for the indicated data use.
• Data subjects: the types of user data being processed by this system for the indicated data use.
• Legal basis for processing: the legal basis under which data is processed by this system for the indicated data use.
• Retention period (days): the period of time for which data is retained by this system for the indicated data use.

Features

Features are descriptions of processing activities, primarily used for compliance with the IAB's Transparency & Consent Framework (TCF) (opens in a new tab).

Data use dataset references

A dataset reference is a link to a dataset configuration that will typically describe the schema of a data store, often including annotations for data categories. When datasets are referenced by a system, the categories annotated in the dataset will appear in the data map under the applicable data use.

Special category data

If the system processes special category data for this purpose, as defined by GDPR Article 9 (opens in a new tab), a legal basis for processing these categories of data for this purpose must be declared.

Third parties

If the system shares data with third parties for this purpose, the following information should be declared:

• Third parties: the types of third parties the data is shared with.
• Shared categories: the specific categories of data that are shared with those parties.

Next you will learn how to accelerate data entry by using Fides Compass, a privacy intelligence dictionary.