Data mapping is the essential process by which an organization tracks and integrates the various data elements under its control. Properly executed data mapping ensures that the organization has a clear picture of the data being managed, how and where the data is stored and processed, and the safeguards implemented to protect sensitive materials and achieve GDPR compliance. Though there are common methods and best practices for achieving this, any activity performed with the ultimate goal of integrating data across multiple channels can be described as data mapping.
To map data effectively, an organization will develop a system unique to the data being managed, often established through an automated process to minimize the potential for human error. In most cases this is achieved with sophisticated software, which may be redesigned or replaced as the organization’s needs change and to keep up with rapid technological advancements. Effective data mapping practices should provide a comprehensive, accessible picture of how the large quantities of data flowing throughout an organization are managed. For example, through data mapping the organization usually aims to be able to answer the following about any given data element at any time: What is being processed? How is it classified? What is the format? Where is it going? Why is it going there? Where did it come from? What is the lawful basis for processing it? Additionally, being able to determine who is responsible for any given task, as well as who has access to each data element within the organization, is often imperative for maintaining compliance and accountability where sensitive and/or personal data are concerned. In more general terms, data mapping should allow all data and processing to be consistently and reliably accounted for.
Apart from being an optimal method for preventing errors that result in the mismanagement of sensitive information, maintaining accurate and up-to-date data mapping is a mandatory practice for any organization seeking to achieve GDPR compliance. The Information Commissioner’s Office describes data mapping exercises in the context of protecting personal data, and recommends regular information audits demonstrating a) that all personal data is appropriately classified and flows throughout the organization safely; b) that all records are current and all responsibilities are assigned without ambiguity; c) that all staff have a reliable understanding of how data is being processed across all relevant channels. Some common challenges associated with data mapping concern accurately identifying personal data, understanding regulatory obligations, and employing the necessary technology to safeguard against theft and data corruption.
Information Commissioner’s Office - https://ico.org.uk/for-organisations/accountability-framework/records-of-processing-and-lawful-basis/data-mapping/