Skip to content

Data mapping and compliance with GDPR Article 30

Article 30 and the necessity of data mapping

Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through an organisation.

Data Mapping to visualize the flow

Data mapping is an audit of this kind. It’s a visualisation tool that makes it easy for an organisation to see how data flows through its systems. This is useful, because understanding what personal data you process and where you process that data is critical to understanding and managing potential data protection risks.

Data mapping, therefore, is an essential preparation for GDPR compliance. It shows the type of personal data an organisation holds, where it’s kept and in what format, who it belongs to, who has access to it, and with whom it’s shared.

Data mapping also helps an organisation respond to data subject requests and facilitate the provision of the GDPR’s new data subject rights such as rectification, erasure and portability.

How to start the data mapping?

So, how to start mapping the personal data your organisation holds? The easiest and most thorough way would be to use a data mapping tool offered by a dedicated GDPR service provider. GDPR365’s data mapping tool, for example, collects details relating to the data flows in your organisation and generates a record of all your personal data processing activities. A data mapping exercise of this kind also documents the relationships between data controllers and data processors and enables you to provide up-to-date records of your data processing activities as required by Article 30 of the GDPR.

Data mapping is, in other words, critical to GDPR compliance and one of the first things you need to do in preparation for your initial, and ongoing, compliance with the new regulation.

Compliance date for the GDPR is seven months away. If you don’t yet have a compliance programme in place, there’d be absolutely no harm in registering for a trial of GDPR365 and seeing exactly what you’re going to need to do to become compliant.

image credit:


Leave a Comment