Relevant GDPR Articles
- Article 6: Lawfulness of Processing
- Article 30: Records of Processing Activities
- Article 32: Security of Processing
Compliance with GDPR Article 30
Data mapping and inventory are critical components of any privacy program. Understanding how data is flowing through the organization is a pre-requisite to being able to secure the data and analyze the data for risks. Maintaining an inventory also helps organizations more efficiently respond to data subject rights request to delete, correct, access, or port their data.
In the EU’s new General Data Protection Regulation (GDPR), organizations are expected to maintain extensive and up-to-date internal records of their data processing activities. According to Article 30 of the GDPR, organizations will be held accountable for compliance with record keeping requirements, with equal responsibility given to both data controllers and data processors.
OneTrust provides a simple and automated solution for data mapping, designed to address compliance with GDPR Article 30 record keeping requirements and self-certification with Privacy Shield for data transfers. OneTrust Data Mapping enables organizations to visualize the entire data lifecycle, maintain an evergreen data inventory (data processing register), identify gaps and track recommendations, evidence and approvals for remediating risk.
Comprehensive Data Discovery
When it comes to detecting and generating data flows, a combination of approaches is required for long term sustainability and accuracy. OneTrust provides a hybrid approach, where everything is linked into a single central inventory of data flows. A combination of questionnaires, integrations with e-discovery tools, and integrated APIs can be used to generate the most up to date, compliant, and actionable data inventory.
Start Mapping Data
OneTrust provides multiple ways for you to map data flows across your organization. Our built-in questionnaire template can be easily tailored and helps collect information about the purpose, type and process by which personal data is being collected, used, stored and transferred.
Discover Unknown Data
OneTrust gives you the ability to integrate with e-Discovery tools, which help discover data you may not have known about. Artificial intelligence and machine learning is used to analyze identity sources (CRM, HRIS) and detect the movement and storage of data across corporate websites, networks, and business applications – in both structured and unstructured repositories.
Integrate Existing Inventories
Our API framework gives you the most flexibility in terms of pulling and pushing information between OneTrust and enterprise systems where you may have existing inventories of assets, vendors or any other personal data processing activities. Common locations include GRC solution, such as Archer, ITSM such as ServiceNow, and existing vendor management or DLP systems.
Data Lifecycle Visualizations
OneTrust provides a tabular, searchable, and sortable inventory of data to meet the Article 30 (GDPR) record keeping requirements. Additionally, OneTrust automatically generates visualizations and data flow diagrams as tools for easier analysis and executive communication.
Visualize the Flow of Data
Based on the latest data discovery activities, OneTrust visualizes the flow of data across your organization into a number of interactive graphs, including Asset Tracking, Cross-Border Data Flow, and Data Lineage.
Consolidate Data Inventories
OneTrust also provides a consolidated (de-duplicated) view of data inventories, such as Business Processes, Assets, Vendors and Data Attributes, with the ability to search across your entire library, and export to a CSV file.
Maintain Evergreen Data Inventory
Integrate with Ongoing Privacy Workflows
OneTrust shares the underlying architecture for questionnaire templates across privacy impact assessments (PIA) and data mapping, which means any new information collected from PIAs automatically gets updated across data flows, inventories, and risks analysis. Additionally, any new APIs and scan results also feed into the common central inventory.
Identify Gaps & Remediate Risks
Meet Requirements for Compliance
OneTrust flags risks, including severity and likelihood, and provides follow-up recommendations in order to meet compliance. Risk are flagged visually on the graphs, as well as in the tabular views. A comprehensive gap analysis report is also available. As you and your team address the identified risks, you can store evidence, and track remediation activities and approvals, all within OneTrust.
Keep a Complete Record of Activities
Track Versions and History
In order to fully meet the record keeping requirements of GDPR Article 30, OneTrust provides a complete audit trail of data mapping activities within our platform, including version control and historical views.