Your organisation frequently carries out comprehensive data mapping exercises, providing a clear understanding of what information is held and where.
Ways to meet our expectations:
- Your organisation carries out information audits (or data mapping exercises) to find out what personal data is held and to understand how the information flows through your organisation.
- You keep the data map up to date and you clearly assign the responsibilities for maintaining and amending it.
- You consult your staff to make sure that there is an accurate picture of processing activities, for example by using questionnaires and staff surveys.
Can you answer yes to the following questions?
- Would staff say that there was an effective process in place to identify what personal data is held across the organisation?
- Could staff explain their responsibilities and how they are carried out in practice?
- Would the record match what people were currently doing?