How to undertake data mapping

Published by a LexisNexis Risk & Compliance expert
Practice notes


This Practice Note provides practical guidance on how to undertake data mapping. It is based on an article by Nicola Fulford of Hogan Lovells and Krysia Oastler of Kemp Little, first published in the Privacy and data protection Journal.

Data mapping (finding out what personal data your organisation processes) is often cited as one of the first tasks to tackle in a data protection compliance programme.

Data controllers are required to have a written record of data processing activities—such records must be made available to the supervisory authority on request. See Precedent: Data processing register. According to ICO Guidance: How do we document our processing activities?:

‘A good way to start is by doing an information audit or data-mapping exercise to clarify what personal data your organisation holds and where. It is important that people across your organisation are engaged in the process; this can help ensure nothing is missed when mapping the data your organisation processes. It is equally important to obtain senior management buy-in so that your documentation exercise is supported

Jurisdiction(s): United Kingdom
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.
