Yesterday we had Ray Everett, Principal Consultant (US), TRUSTe, Veronika Tonry, President, Privacy KnowHow, former Global Privacy Manager at Chevron and Applied Materials, and Guy Sereff, Corporate Counsel, Level 3 Communications share which tools and resources companies are using to conduct data inventories.
Our speakers shared some of the biggest “lessons learned” from when they conducted Data Inventories for the first time, so that you can avoid them.
- There is no “one size fits all” approach – you should conduct these exercises in a way that fits with your company culture.
- Once you’ve received the support for the project, make sure you identify roles and responsibilities before any work begins. For example, what will the project manager, business unit leads, and subject matter experts be responsible for?
- Setting realistic expectations for the level of effort required to complete the project will keep it moving along and on track.
Additional insight shared by our speakers included benefits to other departments outside of privacy that are gained with conducting Data Inventory and Mapping. While the legal, regulatory, and compliance departments all gain ground with EU GDPR compliance, finance, IT, security, and development teams will benefit too. Identifying storage redundancies can save the finance department money, and the IT department headaches. The security team can pinpoint which data and business applications need to be protected. The development team can kickstart a discussion of Privacy by Design because they can see which applications are sharing information early in the development phase, and address any privacy concerns early on. Data Inventory and Mapping is an exercise that can bring benefits to the entire organization.
If you missed it, you can still listen to the full recording here.
TRUSTe Data Inventory and Mapping Solution combines privacy consulting expertise, our proven methodology, and powerful technology tools to help businesses meet privacy regulations like the EU General Data Protection Regulation (GDPR) and minimize data governance risk across the enterprise.