Understanding how your company collects, processes, transmits and stores data – as well as how it’s used and who uses it – is the foundation of your data privacy program and the key to complying with most privacy regulations. Yet the exact movements of sensitive data, including an organization’s crown jewels, are often poorly understood, providing unknown exposure points and increasing the risk of data loss.
For this reason, many of our clients have chosen to execute data mapping projects. Data mapping allows you to:
To provide visibility into the life cycle of your sensitive data, Focal Point's data inventory and information mapping methodology includes four key phases:
Documentation Reviews – Existing policies and procedures are gathered and used to refine the scope of discovery sessions.
Survey Creation and Distribution – Using our proprietary survey tool, surveys are distributed to your user base to gain insight into actual practices being used in the day-to-day creation and handling of sensitive data.
Discovery Sessions – Key stakeholders are interviewed to further refine the understanding of the information life cycle, current data management practices and the sensitive information within the organization.
Master Repository Creation and Evaluation – A master repository of information life cycle details is created and includes data element types, collection mechanisms, transfers, privacy and security practices and transfers to third parties.
An expert-led data mapping exercise allows for strategic decision making, including evaluation of regulatory compliance obligations, cross-border data transfers, contractual requirements and the focus of risk mitigation efforts. This methodology has proven successful for dozens of Focal Point clients, including those with complex or worldwide operations.