eDiscovery Daily Blog

Unsure About How to Map Your Data for GDPR? Here are Several Templates to Get Started: Data Privacy Best Practices

Now that Europe’s General Data Protection Regulation (GDPR) is in effect, all organizations out there have a good handle on all of their data, including which personally identifiable information (PII) they handle for European data subjects out there and clear policies for how they ensure protection of that PII.  Right?  OK, maybe not.  If your organization is still scrambling to comply with GDPR and still trying to get a handle on the data you’re managing and the flow of that data, here is a site with several templates to help you get started in that process.

The site Demplates has templates for all sorts of things, including SWOT analysis templates (we wrote about the benefits of a SWOT analysis here), Certificates of Appreciation for employees, even Pest Control Service Agreements.  A couple of months ago (on my birthday, no less), the site posted GDPR Data Mapping Template: 10+ Print-Ready Templates, with several useful templates to help organizations create data maps, data flow diagrams, GDPR Data Processing Notices, privacy policy and data protection policy statements, data protection impact assessments and data audits.  The template documents are in different formats, including Excel, Word and Visio.  Here are pictures of a couple of examples:

With the challenges these days stemming from the growth of big data, data mapping is not only a good organization practice to not only help get a handle on your organization’s big data, but also to document your organization’s handling of PII and compliance with GDPR on the handling of PII.  Tom O’Connor and I talked about the importance of data mapping in our webcast on GDPR back in February (you can check it out here).  Data mapping supports in compliance and adherence to critical GDPR factors such as:

  • Maintenance of the data lifecycle;
  • Documentation that records are kept in adherence to the rules of GDPR to submit to the regulatory and supervising authorities;
  • Maintaining Accountability of the data for the full data lifecycle;
  • Evidence for the organization that the data is protected in its full cycle.

If you’re still scrambling to comply with GDPR, perhaps one or more of these templates can help you document your compliance or help you discover one or more areas where you may be deficient in your compliance.

So, what do you think?  Is your organization still trying to comply with GDPR?  Does your organization have an organization data map?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.