Data Risk Management
Building a Data Inventory at Your Organization
May 19, 2020
What is a Data Inventory (or a Data Map)?
A data inventory (sometimes referred to as a data map or data mapping), is a comprehensive catalog of data assets held by an organization. A well-maintained data inventory includes up-to-date and detailed information (metadata) as well as the source of the data within the organization. Built correctly, a data map can provide important insights into the types of data an organization collects, where it is, who has access to it, and how that data is being used.
The use of data mapping allows organizations to operate more efficiently, increase reporting, mitigate risk, and meet privacy and compliance obligations. New regulations and laws such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) provide additional rights to consumers over the collection, sharing and usage of their personal data. To comply with these regulations, organizations must be able to identify individuals' data, provide, remediate, or delete on-demand, and vouch for third party vendors’ ability to do the same.
What Does a Data Inventory Have to do with CCPA Applicability?
Without a data inventory, managing consumer requests for data becomes the ultimate game of "seek and find." Gartner has already reported on the exorbitant amount of time and resources ($1,400 per consumer request) to find consumer data in compliance with new data privacy regulations like the CCPA. Those exercises become even more difficult when an organization doesn’t have a handle on its data.
Data lives across all areas of all different departments: legal, IT, marketing, services, sales—everywhere. Often, data lives in places many of us aren’t even aware of, due to either tribal knowledge that has long since left the organization or a lack of documentation and maintenance of important data sources. This emphasizes the importance of engaging leaders across the organization to help understand what is being and has been collected, with whom that data was shared, and where it currently resides.
Such an undertaking often requires a special project manager, or team (a committee of managers, for example) to help enforce data hygiene rules among departments. This team or individual would engage with key stakeholders across the business to better understand their practices around data and create a streamlined process for handling that data. The most effective and efficient way to handle your data inventory would be to use a software platform that can handle end-to-end collection and analysis of that data.
Since all of the questions surrounding compliance to data privacy regulations start with the organization’s data map, it needs to be built the right way. This means organizations should use their tools and technology to stay flexible as these laws evolve, thus keeping the data inventory modern and actionable.
Exterro has put together this guide to help individuals who play a key role in managing their organization’s data. With the right mix of people, processes, and technology, implementing and automating routine maintenance of your organization’s data can become an efficient way to comply with new privacy laws.
In this guide, we’ll cover the following:
- Why It’s Important to Have a Data Inventory
- How to Develop a Data Inventory at Your Organization
- Managing Data Retention Obligations
- Managing Third-Party Vendor Data
- Key Challenges of Creating and Maintaining Your Data Inventory
- A Data Inventory Case Study