Dec 18

Top 5 Pitfalls to Avoid When Mapping Your Data

In an ideal world, your data mapping process should give you a bird’s-eye view on what data you hold, what it’s for, where it resides – and where it’s going. In other words, great data mapping means better data management.

But are you doing it right?

Is there some hidden business data lurking in a corner that you’ve totally overlooked?

Are your data mapping efforts enough to stay on the right side of the regulators?

Can the people who matter actually make sense of your data map – and keep it up to date?

Especially if you have a sprawling IT estate to manage, getting an initial handle on data mapping can almost seem like more trouble than it’s worth!

But fear not; here’s our rundown of some of the most common data mapping pitfalls faced by organisations – and how to overcome them.

 

Pitfall 1: You’re approaching data mapping as a problem rather than a potential benefit

Recently, many organisations (especially those who do business in the EEA) have been looking seriously at the need for data mapping for the very first time. The trigger for this is of course the upcoming General Data Protection Regulation, due to come into force in May 2018.

Technology Law Alliance found in their recent survey that almost nine in ten large businesses now have at least “some form of data mapping” underway. That said, a much smaller proportion (18%), say they are confident of fully meeting their compliance obligations by May.

Two factors seem to be making things difficult for many businesses. They have a lot of data to grapple with – and not enough internal resources to get the job done (or at least get it done on time).

That initial pre-GDPR data mapping exercise you carry out is business critical.

Not least, without it, you’re at risk of failing to identify areas where (to quote GDPR) “the rights and freedoms of data subjects” could be at risk, thereby preventing you from implementing “appropriate technical and organisational measures” to manage the risk.

In light of this, it’s so easy to think of data mapping as just another administrative headache.

But are you missing something here? Yes, it’s vital from a compliance standpoint. Yet, as we’ve touched on right at the top, it’s also a potentially very valuable tool from a data management perspective. In other words, data mapping gives you new and useful insights across your entire business.

So right from the beginning, approach data mapping as a potentially valuable exercise, not as a burden. This also makes it so much easier to get buy-in for it from the people who matter in your organisation.

More specifically:

  • Assess the wider benefits of data mapping before you begin (our guide provides a handy launchpad for this).
  • Provide your people with the right framework and software for data mapping to ensure better compliance and better management (it will go a long way to relieving any burden on resources).

 

Pitfall 2: Failing to systematically map your estate

Are you missing something? It’s important that your mapping process doesn’t leave any blind spots or hidden corners where data resides but where you have failed to take it into account. These blind spots often fall into two categories.

First off; processes – everything from browsing data collected by your marketing team through to payment info collected by your customer support staff. For each area of your business, it’s crucial to identify each and every situation whereby data (and more specifically in the context of GDPR, personal data) is being processed.

Secondly; platforms and endpoints. What data resides across your customer-facing social platforms? How is it being used and what is it for? What about mobile and portable devices? Effective data mapping requires knowledge of what software and other IT assets are in use across your organisation.

  • A thorough process mapping exercise requires a forensic examination of what’s going on in each department. Interviews or questionnaires can be useful for getting exactly the info you need from departmental heads and other key people.
  • For a review of platforms and endpoints, tie it into your wider IT asset management strategy. Carry out an inventory of all software and platforms in play across the business. Scan your estate regularly to identify any non-approved apps!

 

Pitfall 3: Not keeping your data map updated

A data map is a living resource – not a once-and-once-only exercise!

In most businesses, rarely is it the case that data stands still. It moves from one location to another within an organisation – and it flows in and out of the business as a matter of routine.

The way in which it moves and the way in which it is processed also tends to change. New CRM-systems or document sharing tools, tweaks to your dispatch procedure, the arrival of a new social media platform: they might all mean changes to existing data processing activities – or entirely new activities to log.

To keep on top of this, it pays to make the task of updating your map as straightforward as possible. To help you, look for the following features as part of your data mapping tool…

  • The input process is hassle-free. The procedure for building up your map initially and thereafter adding new information should be intuitive to the ordinary business user.
  • Periodic reviews of data processing activities are scheduled and initiated automatically.

 

Pitfall 4: You can’t get the compliance info you need

GDPR for IT managersAccountability is one of the cornerstones of GDPR. In many areas of the new regulation, doing the right thing is only part of the story. You also have to show that you are doing the right thing.

A customer comes to you with a data access request. They want answers on what you hold on them and why you hold it. They also want copies of that data…

Later and as part of a breach investigation, the data regulator requests detailed info on storage and accessibility of the data that was affected by that breach…

If your map is doing its job properly, it will enable you to show that you’ve done the right thing. Giving you total transparency on what happened and why, and enabling you to quickly get hold of things like privacy impact assessments and third party processing agreements, it makes it so much easier to provide the right answers.

It’s the reason why it’s so important to equip yourself with a data mapping tool that’s hardwired for compliance!

 

Pitfall 5: You treat data mapping as “something for IT”

Beyond the issue of compliance, you’re only going to realise the full value of data mapping if you can draw insights from it. And this is only going to happen if the people who matter can actually make sense of it all!

First off; don’t overlook the practical value of top-level visibility. This should be your “world map”; the at-a-glance view of where data resides and how it interconnects across your organisation.

Beyond this, a truly useful data map should allow you to go much deeper. Not just to zoom in on a specific part of your business but also to present that info in such a way that it’s most relevant to whoever is reading it.

HR, legal, your CEO – even your shareholders at their AGM: a great map can and should be tailored for its audience. It’s so much more than a dry IT tool!

Ready to learn more about how best-in-class data mapping software can help your organisation avoid these pitfalls? Get in touch with us today.

Request a Free Demo

Get Access