Data Mapping

The process of documenting how personal data flows through an organization—from collection points through processing activities to deletion or transfer. Data mapping visualizes data's journey: where it enters the organization, which systems and databases store it, who accesses it, how it's processed, where it's transferred (internally and externally), and how it's eventually deleted or archived. Effective data mapping identifies all data sources, documents system interactions, tracks data modifications, maps third-party sharing, identifies transfer destinations, and highlights retention periods. Data maps support multiple compliance activities including creating privacy notices, responding to data subject requests, conducting impact assessments, managing vendor relationships, and planning breach response. Mapping techniques include interviews, system documentation review, data flow diagrams, and automated discovery tools. Data mapping should be updated regularly as business processes and systems change.