Data Inventory

What is Data Inventory for personal data?

A data inventory, also known as a record of authority, identifies personal data within systems and helps in the mapping of how data is stored and shared (data mapping). Data inventories are defined under privacy regulations including the GDPR, CCPA, and CPRA. 

Data Inventory and Privacy Regulations

While the concept of data inventory is not new, it has taken center stage the past few years. Regulations now in effect including the GDPR and the CCPA are driving factors for businesses around the world taking a much closer look at their data.

A data inventory is at least necessary because understanding what information the company gathers contributes to enhanced productivity and greater transparency for everyone in the organization. Data inventory outcomes can also contribute to improved overall reporting, decision-making and optimization of operational efficiency.

Protection and Enforcement

By creating a checklist for protection and enforcement criteria, committing to a data inventory plan also helps to evaluate and reduce risk and uncertainty. Together, the inventory of data helps to define and guarantee transparency, better match organizational task priorities, improve trust and continuity, and create knowledge and efficiency.

It is much more difficult to determine the underlying risk without an accurate inventory, which can further make it difficult to define the controls that your company requires to safeguard your critical information assets.

With numerous data streams entering the pipeline into the information system of your company, it is important to understand where everything comes from so that it can be properly structured, accessed, analyzed and secured.

Data Sources

Here are just a few common sources of data to consider:

  • Internal business systems for planning, accounting, financial reporting, and other business processes
  • Cloud based systems for storage and computing
  • Third-party systems and data feeds from customers or partners
  • Systems with customer data including marketing, sales, CRM, and similar systems

In addition to previously mentioned advantages, gaining better insights into the type of data you collect, where it is held, with whom it is shared, and how it is transferred provides you with better accessibility.

Improved accessibility is based on learning more about where your data is stored, how well different systems interact or integrate, whether there are unique keys between sources to link related data, and whether there is duplication or potential conflict between different sources of data.


Privacy Primer: Mastering the Data Privacy Basics
Learn More