Legal Compliance Requirements
One significant new development companies are working toward implementing is a dynamic record of their processing activities. Article 30 of GDPR states that all controllers must develop a “Record of Processing Activities.” There are seven requirements controllers must adhere to when developing this record, and a data inventory can cover several of those requirements. Most notably, the requirements that controllers must:
- Include a description of the categories of data and data subjects;
- Relevant third parties who obtain any personal data; and
- Data retention thresholds for personal information.
The Association of Information Privacy Professionals (IAPP) defines a “Data Inventory” as
“Also known as a record of authority, identifies personal data as it moves across various systems and thus how data is shared and organized, and its location. That data is then categorized by subject area, which identifies inconsistent data versions, enabling identification and mitigation of data disparities.”
In general, a Data Inventory is a record of data collected, processed, and stored by the organization. Understanding what data you have, and what core functions your business uses that data for, can help you understand how/if that data is regulated.
A Practical Start
Understand what services your organization provides or products your organization develops. This also includes the various details and intricacies involved in the sale or provision of the product or services.
What kind of transaction is it? Do we collect additional information beyond an exchange of currency or a promise to pay? Is the transaction recurring on a frequent basis? What data is needed to complete the transaction and provide the service or product?
Questions like these are a good start to get the ball rolling. Once that ball starts rolling, we’ll be able do further dig into the technical requirements and systems that are involved in the transaction and the collection of any data.
Benefits Beyond Compliance
To put it simply, you know what you have on hand and where it’s located. It gives you a better understanding of your organization.
Beyond the simple benefit of knowing yourself better, other benefits include, but aren’t limited to:
• Perform analysis to identify trends, opportunities, and weaknesses.
• Get the “skeleton” in place for building up the organization.
• Using the data inventory to help train your LLM/AI/Automated bot to help you later.
• Know what to sell at what time and when products are phasing out.
• Generate more accurate reports and enable end user to be more equipped to succeed in their role.
This list is a start, and not exhaustive. Any other benefits you decide should be left up to you and your processes!