Data Privacy, De-Mystified.
The first step to managing the requirements of privacy-related activities like Data Subject Requests and Minimized Access Control is to understand where your data lives and what information it contains. The most common output of this exercise is a data map, a schema that shows points of data collection, transformation, processing, and retention – essentially a map of a data point’s journey through the organization.
Although GDPR and CCPA don’t explicitly mandate that organizations produce a data map, it is the most practical way to account for a myriad of requirements, including Articles 28, 30, and 35 of the GDPR.
Data mapping is also essential for any business hoping to comply with the CCPA’s “Look Back” requirement, under which businesses must be able to provide a data record looking back 12 months from the time a consumer requests their information.
As more territories pass digital privacy laws, it will become essential for companies to maintain granular control over their data map so that they understand what data lives where and what capabilities they need to surface records by region. In sum, before performing any of the other required activities under GDPR, CCPA, and similar laws, businesses must first build a data map.