Assets, GDPR and Flows
How Assets and Data Protection relate each-other
Introduction
Data Protection is made of two components:
- Assets: this is the data that moves around your organization, in the context of Data Protection they come from the Asset Management module.
- Data Flows: for every asset you will have one or more data flows, they describe how data moves around the organization.
We will describe how these two modules work together as their relation is required in order to use the Data Protection module.
Asset Management
When you create an asset at the "Asset Management" > "Asset Identification" module you can specify the type of asset. If you want to use an asset in the "Asset Management" > "Data Protection" module then you need to set the type of asset to "Data Asset".
Only assets of that type will show under the "Data Protection" module. Once the assets show in this module you can start describing the attributes of the asset in the context of "Data Protection".
General Attributes and GDPR
Under the "Data Protection" module you can click on "General Attributes" and provide further context on this asset, in particular in relation to GDPR.
The form will ask you different mandatory (based on the regulation) attributes you must understand and document if you want to be compliant with the legislation. There are helper texts with extracts of the legislation that will make it easier for you to understand what is expected from you.
Data Flows
Each Asset will have one or more data flows - data flows describe how data moves across the organization, there are types of flows:
- Collect: how data is collected, using online form, paper format, Etc.
- Modified: how data is modified, by whom, Etc.
- Stored: where and for how long data is stored.
- Transit: how data moves around, over courier, networks, Etc.
- Deleted: how data is discarded.
Is perfectly normal to collect the same data in three different ways (For example: digital, paper and verbal) so dont be surprised if you find yourself in the situation where multiple flows of the same type exist.
For every flow you will also describe:
- Which Business Unit is involved
- Which Third Party
- What Risks exist
- What Control are used to mitigate
- What Projects, Policies, Etc
If you have enabled GDPR under the "General Attribute" tab, then for every flow you will also have GDPR related attributes to complete.
Playlist
- Episode 1Introduction to Data Privacy1 min left
- Episode 2Introduction to this Course1 min left
- Episode 3Problem vs. Solution Principle5 mins left
- Episode 4Prerequisites2 mins left
- Episode 5Data Protection Module Tabs1 min left
- Episode 6Assets, GDPR and Flows2 mins left
- Episode 7Adding Assets to the Data Flow Module2 mins left
- Episode 8Data Protection Related Modules1 min left
- Episode 9Creating Data Flows2 mins left
- Episode 10Typical Filters: Data Protection Module2 mins left
- Episode 11Typical Reports: Data Protection Module1 min left
- Episode 12Typical Dynamic Statuses: Data Protection Module1 min left
- Episode 13Data Protection Implementation Guidance2 mins left