Data Mapping

Having provided ALIAS with information about your environment, the next step is to make declarations about how that Personal Data is used, including:

  • Who is processing your Personal Data
  • Security Measures you have implemented to protect Personal Data
  • Mapping the Personal Data to their DataSources

Defining Data Recipients ⚖️

As part of tracking the use of Personal Data by your organization, ALIAS needs to know information about who outside your organization will be making use of the Personal Data for which you are responsible.

These other organizations are known as “data recipients.”

Types of data-recipients include:

  • External organizations (partners, public administration)
  • Data processors (suppliers, sub-contractors, software vendors, servers, tools)
  • Joint controllers (external legal persons that share the data processing responsibility with the company)

Note that departments (services and sub-organizational units within your organization that deal with personal data) are data recipients but are not declared as legal persons.

Create LegalPerson

Defining Security Measures ⚖️

An optional step in the Data Mapping process is to provide ALIAS with information about the technical and organizational security measures involved in data processing (e.g., CCTV).

Create SecurityMeasure

Defining DataType to DataSource Mappings 🔧

Define Data Sources and map those storage locations to Data Types.

You will start with defined Processing Records.

Those Processing Records pertain to a set of Data Types and Data Addresses, which you will assign to your Processing Records.

Get ProcessingRecord
Get ProcessingRecord DataTypes
List DataLocations of DataSource

DataSource Validation ⚖️

Once the IT team declares all of the DataSources and the address of each type of data according to the context of a processing record, the DPO must validate their accuracy.

List DataSources
Get DataSource
Update DataSource