Published on Oct 22, 2020 
Data mapping has been around for a long time. It was even identified as a best practice in the Federal Rules of Civil Procedure (FRCP). But everyone knows it’s the responsibility of IT, right? Well . . . not so much.
Privacy regulations bring data mapping to the forefront.
As the size of the digital universe grows, governments are requiring companies to manage and secure their data. Privacy regulations such as GDPR, CCPA and more than 20 other laws being proposed across the US mandate that a company knows where its data is stored, when and how it is accessed and processed, and with whom it is shared. In addition, you must be prepared to report your data management and security processes. Data mapping is a proactive approach to complying with these regulations and their tight deadlines. It’s a key component in finding corporate data fast and lessening data risk!
So why doesn’t every company already have a data map?
It seems complex and challenging – much time and many resources. When considering complying with privacy and security regulations, this kind of thinking must change. Think of the data map as an asset, not a project. Approach it with the same efforts, care and concern expounded on creating and caring for your brand, products, or services. Merging people, processes and technology makes such an approach to data mapping realistic.
What are the benefits of a data map?
As data accumulates throughout a company, a data map organizes and helps manage data in a secure, compliant manner. A data map is a central location easily depicting what data is stored where, how that data is being used and who has access to it. Without a data map, data may live in places you’re not even aware of because people leave the company or documentation is lacking. Data maps provide just what is needed to improve eDiscovery efficiencies, reduce risk of internal and external breaches, and respond to data subject access requests (DSARs) in a timely manner. With a data map, you’ll even know what happens with an individual’s data after it has fulfilled its purpose.
You’re convinced—a data map is critical. Who’s responsible?
Data is collected and used by a variety of teams throughout your organization. All these teams know their data best. The IT specialist cannot possibly know the purpose of all data collected and processed. Information workers are distributed throughout the organization. Data mapping is a shared responsibility—shared among:
1. Legal
2. Privacy
3. Compliance
4. Governance
5. Sales and marketing
6. Human resources
7. Records management
8. Finance and accounting
Data mapping is shared by any department where data lives and people oversee it. Bringing these teams together puts data mapping in its proper perspective—critical to the entire organization. This corporate-wide effort may be exactly what is needed to gain stronger, faster executive support. In addition to bringing the right people together, you need the right technology. The right technology helps automate the creation of the data map, keeps it up to date and provides a necessary, repeatable process.
Along with the right technology, it’s imperative that you consult with subject matter experts to help identify data types and mitigate associated risks. The right team will work with your organization, help get buy-in from key stakeholders, and show you how to leverage a data map to build and implement other information governance programs!
