Just as your Security Governance rests on your inventory of where your information assets are, your Data Map is fundamental to your Privacy Governance. But it has to be the right Data Map. It’s not your Information Asset Register, for example.
Your Data Map has to be structured as part of your Privacy framework so that you’re looking for the right things and asking the right questions. You’ll then make gap analysis super simple so you can race forward with remediation. It should also automatically pop out many of your GDPR KPIs and reports.
Software such as Keepabl is very good for this, it soon gets difficult to manage it all using Excel.
Technically, Article 30 of GDPR is called Records of processing activities. People shortened that to RoPA but then also use it for a wider range of inventories from your full personal data inventory, your Data Map, to including your Information Asset Register. Keepabl has a great, short, blog on this.
The current draft Bill makes no real change to the RoPA requirements. Keepabl has published a simple side-by-side guide to the proposed changes regarding RoPAs, DPOs, DPIAs and DSRs.
Of course we can show you Keepabl and work with whatever software you wish to use. We’ll make sure your Data Map exercise asks the right questions so that your gap analysis, remediation and reporting run super smoothly.
See all our Services