
What is a data mapping tool?

A data mapping tool is software that helps you build a visual representation of the data you store, giving you a clear overview of how data moves through your organisation. Data mapping tools can also be used to find personal information in files, emails and images. In this blog you will find the answer to how a data mapping tool can help you locate your personal data and comply with privacy regulations.

How does a data mapping tool work?

As mentioned, a data mapping tool is basically a scanning tool that can visualise the result of the scan. Generally speaking, there are 3 steps to operating a data mapping tool:

  1. Select data systems
  2. Review scan
  3. Clean-up

This guide gives an insight into what working with a data mapping tool is like and how the tool can be used to locate personal information. It is based on our own data mapping tool, DataMapper, but the process can be transferred to other data mapping tools.

Start your GDPR cleanup where it is needed the most

Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Data mapping user guide

Step #1: Choose data systems

To begin with, choose the data systems where you store unstructured data (read about unstructured data here), for example local disks, cloud solutions and inboxes. Select any locations where you might store important data. It’s important to realise that confidential data can often end up in inboxes and locations where you did not intend for it to go. For this reason, it’s best to select all the locations you use for business.

Step #2: Review scan

Once you have done a scan, you can view your results using tables and charts. Focus on:

  • Risk level. How much risk and high-risk data is found? Is there more or less than you expected? If so, do you still need it all?
  • Categories. What types of files contain the most risky data? Are there any categories that you should keep an eye on?
  • Locations. In which computer system are most files found? Is there sensitive data stored in multiple locations? If so, are they safe?
  • Users. Who has access to the most sensitive data? Do they need to access sensitive data to do their jobs? Do your access controls need to be updated?
  • File age. How old are your oldest files? What does your privacy policy say about how long you will keep people’s data?

If you are pleasantly surprised with an overall positive result, make sure to highlight it in your privacy policy! Even if your results indicate you have work to do, there is still value in letting people know that you use data mapping tools to self-monitor, minimise the data you store, and reduce your risk of data breaches.


Step #3: Clean-up

After you have reviewed your results, start your cleanup.

  • Filter your documents. Make use of the various filters to facilitate the cleanup of the scanned data. Use filters such as location, category, person or risk level. If the scanned files are in a location to which you do not have access, you must ask the person who is the “owner” to delete the found document. Remember that once you have found a document, there is a good chance that duplicates of it exist, so the result of your first scan may seem larger.
  • Open high-risk files and see why they were flagged. A good data mapping tool allows you to focus on each individual file and see why it was marked as high risk. Review each file and mark it as either OK or Critical.
  • Delete old files, and remember to empty your trash and sent mail in your inbox. The rules of the GDPR do not specify a specific time frame for how long you may store data, but you should set an upper limit for how long you store data on others. Get it written into your privacy policies, and stick to them. Storing personal data for longer than what your privacy policy prescribes is generally a bad idea and is in breach of GDPR legislation in general. When you have emptied your trash on your computer, the files are finally deleted, so when you initiate a scan of your local drives, there should be no results from this. If you are in doubt about how to set up automatic deletion, you can (in Outlook) use this guide: set up automatic deletion in Outlook.
  • Move data into correct folders and locations. Keeping duplicates of the same files in multiple locations or inboxes will cause the red lights to flash. Be sure that the data you have left after going through it in a data mapping tool is stored in correct locations and that unnecessary copies have been completely deleted. Then cleaning up in the future will also be much easier.

Use a data mapping tool to continuously improve

Using data mapping tools can show you a different and smarter way of handling personal data. Here are the top 5 improvements/changes we see companies make after using a data mapping tool:

  1. Employees have access to data only if they need it to do their jobs.
  2. They disable mail synchronisation to prevent email attachments landing in personal folders.
  3. They set up automatic email deletion, especially for emails with attachments.
  4. They choose better data-sharing tools, as well as centralised data storage.
  5. From time to time, they check up on themselves with a new scan to make sure data stays neat, organised and protected.


Is a data mapping tool right for you?

I hope this enlightened you on how a data mapping tool works. If you need to clean up your data, you should take a closer look at our data mapping tool DataMapper.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist