GDPR: data flow mapping and inventory

View all episodes of the "KPMG Privacy" video series.

Transcript

Austyn:

• Welcome to the third “how-to” GDPR video in KPMG’s privacy video series.
• This video is the first of three focused on how to address personal data, a foundational step to understanding privacy needs and resulting privacy program.
• This video will focus on how to identify and map personal data that your privacy program will govern.

Steve:

• Data governance initiatives require involvement and support of key data and business process stakeholders.
• These Stakeholders must determine data inventory and mapping requirements related to Article 30, such as:

1.  What information types and metadata like the legal basis for processing must be captured?

2.  In what form should the data be inventoried and/or mapped?

3.  Is there already a data scanning tool in the organization that can be leveraged?

4.  Can automation be applied to the process, alone or in combination with manually performed assessments?

5.  How will the data inventory be maintained, and who will own the data inventory?

Austyn:

• It is important to remember you must analyze the requirements in order to create an effective data inventory template.
• Pilot use of the template with the priority business processes identified in the previous video.
• Work with your business groups to determine an approach to ongoing inventory management.

Steve:

• We appreciate your time and attention as we address understanding your data.
• The next video in this series will address how to classify and protect data.
• Thanks for watching.