Know Your Data - Map the 5 W's
Organisations must consider how well they understand the flow and use of personal data, including who has access to it and why.
The new requirements for, in particular, enhanced transparency information, robust information security, records of processing activities and extended, stronger, rights require an in-depth knowledge of what personal data is processed and why.
Businesses should consider mapping the the personal data being processed.
The Commissioner has created a document to assist controllers: "Know Your Data: Mapping the 5 W's", with separate editable "Mapping Pages". this can be completed without any in-depth knowledge of the law.
Businesses should start to review and analyse:
- The personal data being processed
- Ask what actually happens across the business – consult both senior management and front line staff about how personal data is obtained and used
- The retention of personal data (including archives)
- What security measures are in place
- Where/how the personal data stored
- Retention of personal data