Since all of the questions surrounding compliance to data privacy regulations start with the organisation’s data map, it needs to be built the right way. This means organisations should use their tools and technology to stay flexible as these laws evolve, thus keeping the data inventory modern and actionable.
There are several questions to consider when it comes to managing data inventory, as well as relevant personally identifiable information (PII) at your organisation. Take a moment to consider each of these questions to be “must know” pieces of information that your organisation’s data privacy officers should have positive, “yes” answers to:
- Is it easy to filter and identify data based on any parameter, including regulatory statutes?
- Is it easy to update, maintain, and ensure that the data is accurate?
- Is the data able to be identified by record type, regulatory standard, and other variables?
- Does it contain all your organisation’s data?
- Can it include third parties that collect and store data on your behalf?
- Can you identify the data subjects by how they interact with your business?
- Can you identify where in your business process that data is stored?
- Can you identify the business purpose for collecting an individual’s personal information?
- Can you identify the collection methods of that personal information?
“Yes” answers to these questions probably indicate that a formal, structured process to keep data up to date is in place. A system of processes between departments that act as prompts to update the data inventory is also a great way to automate maintenance actions by stakeholders. And typically, the most effective way to run that automated process and maintain an up-to-date inventory of your ESI is to use a software platform that acts as a secure repository for that information.
Click here to read the detailed report.