The increasing volume, variety, and velocity of data across an organization’s complex ecosystem of data sources create unique challenges for stakeholders across the business, which if left unchecked, erodes trust in the business, its processes, and stakeholders.
Finding ways to scale visibility into data sets across the business will help your organization develop business intelligence, accelerate fulfillment of privacy rights requests (DSARs), and support your broader data protection and data governance strategy.
In our recent webinar, we discussed the benefits of an automated data map, how an automated data map can act as the foundation for other privacy, compliance, and data intelligence initiatives, and how to get started. In this article, we answer the most popular questions from the audience.
Watch the webinar: The Automated Data Map: Your Foundation for Privacy, Security, and Governance
Automated data mapping FAQs
From what you see in the industry, who typically “owns/manages” the data map for an organization?
Typically, the privacy office owns the data map. However, increasingly we are starting to see additional stakeholders buy into the idea of an evergreen data inventory namely data governance and IT teams.
What about data collected manually or using older methods as opposed to the digital collection via a computer, for example?
OneTrust captures information through automated and semi-automated means. For information not in digital format, we can send out assessments to the organization and capture qualitative information. Once completed, we intake the assessment and automatically add it to the data map.
If my company already uses a very low-level data mapping program, can that data be imported into the OneTrust data map tool to better visualize our data?
Yes. Many companies have data management tools that serve a narrow, specific purpose. OneTrust’s data mapping solution pulls data from every corner of your organization. This allows you to obtain a full picture of how you use data across your company.
Does the OneTrust data mapping tool embed regulatory context? For example, would the tool know if data relates to an employee, business representative, or consumer?
Yes. We can apply multiple regulations and categories to any type of data found including employee or customer data. Our regulatory intelligence capability is backed by the largest database of regulatory research. We have over 40 in-house privacy analysts as well as an extensive network of contributors who are updating our research daily.
Can data mapping automation help build the data lineage, or does it just build the asset inventory?
Yes. The data mapping process builds a data lineage so you can follow the data flow throughout your organization throughout the data lifecycle.
How does the data discovery detect processing activities? E.g., order-delivery process can have multiple assets involved.
OneTrust Data Discovery detects data, including metadata and unstructured data, in systems and then combines that information with answers from assessments. This provides a complete data map.
Is it easier to start your data map from scratch than to amalgamate the systems?
No. In fact, it’s just as easy to switch from another system or to fit into your current tech stack. OneTrust Data Mapping Automation conforms to the needs of any environment and different sources.
How OneTrust helps with automated data mapping
Data mapping automation plays a pivotal role in increasing data quality, saving time, and laying the groundwork for an effective privacy strategy.
OneTrust’s data mapping software is designed to automate privacy from start to finish. This includes the discovery and classification of personal data across the IT ecosystem and population of a central data inventory and catalog to serve as the foundation of privacy and data governance initiatives.
With these tools in place, privacy teams can make more informed decisions, ditch manual data mapping processes, and make sense of complex data. Data Mapping Automation can also help organizations fulfill Article 30 obligations under the General Data Protection Regulation (GDPR).
 
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
        