Skip to content

New Updates: Data Mapping

Data mapping is done in phases:

Exactly like it’s currently done. First, your data subject types, processing purposes, and the lawful bases. Then the personal data types, processing locations and data sharing partners. Finally, the collection sources.

1. Record the ‘who’ and ‘why’

Select the department, data subject type (WHO), processing purpose (WHY) and lawful basis.


2. Describe the ‘what’ and ‘where’

  • Enter the Retention Period, Personal Data types, Special Category Personal Data types, including that second lawful basis, and Processing locations.
  • Under Data Sharing, add any Controllers to whom you disclose personal data.
  • Add relevant Notes and Files.

Once you’re happy with your input, click ‘Validate’,

If you see ‘OK’, then you’re done with this piece of data mapping. If not, you will be informed as to where to complete your data mapping.

3. Identify the collection source


After successfully validating each section under Data mapping, indicate the collection source/s for each of the personal data or special category types you selected in the data mapping.

Use the Filter to select the department, data subject type and personal data type. Select the collection source/s and if it’s from a Third Party, enter the category of the third party e.g., Credit Bureau.

Click Validate. If there are issues, the validation will inform you as to where the issues are. If you see ‘OK’, move on to the next set of collection sources.


Data mapping will integrate with the Records of Processing Report which you will find under Governance.

Reach out to us and tell us what you think?