“How can you handle a data subject request if you don’t know where to look? As you know, this is the first step in the DSR process — and if you can’t fulfill this step, you can’t move forward to the next. This makes data mapping and organization one of the most important investments a company can employ. Discovering user data can often be the most time-consuming step. And as we know, time is everything in DSRs.
But don’t worry — we’re going to go over the six most common places your user data can be found:
Metadata is data about data. Don’t try to say that 5 times fast! Metadata is one of the most common places to find a user’s data. It transcribes details about the date, time, location, or other data about when a piece of information was created, opened, and distributed. In essence, it contains the history of a piece of data. It’s used for data such as web pages, computer files, images, spreadsheets, relational databases, and more.
You can often find information relevant to users’ privacy data under their preferences. For example, whether or not they opted out of having their information sold or collected, their ad and cookie preferences, and email subscription preferences.
#3: Login Info.
Looking for identity and contact information? This data will likely be stored in the user’s login info. You’ll find basic data, such as their name or username, email address, password, phone number, and any other information you require to create an account.
#4: Payment Method.
We learned that users are often most concerned about their financial data security. Too often, users’ credit cards and payment information can get compromised, leading to significant financial distress and loss. If a user has experienced this in the past, they may be likely to submit a DSR to have this information removed. In their payment method, you’ll often be able to find their credit card or other protected payment information, along with personal identity information, such as their name, home address, email address, and phone number.
[Payment or User History]
#5: Payment or User History
These resources will lead you to data points focusing on a user’s activity. If consented, your company may be able to track a user’s history on your site, including when they’ve visited, what they’ve viewed, and when and what they’ve purchased. Again, you’ll often be able to access activity data and payment method information here.
#6: SaaS Applications
Lastly, and most importantly, the most common places you may find your users’ personal data are in the SaaS tools and services you use. These could be your CRM platform, emailing services, analytics tools, payment solutions, etc. Each of these could hold your users’ data on its own.
When sharing a copy of the data, rectifying or removing it, you need to ensure to do so everywhere it’s found. Remember: Data is often scattered across many sources such as databases and SAAS apps. Now, this is a lot to keep track of. But one of the most effective ways to keep track of and organize this data is through data mapping.
Data mapping is the practice of connecting or “mapping out” data sets from one field to another. This can keep all of your data organized and correlated so that it’s all there when you need to access it.
There are two ways to perform data mapping: Manual and automated. Notice a pattern?
[Manual Data Mapping]
With manual data mapping, you’ll first need to interview all of the employees in the organization to determine what tools they use that may hold user data. These are, of course, data sources. Next, you’ll need a developer to code and connect data between sources to manually map your data. This can work if you don’t collect much data as an organization. But today, most organizations collect an immense amount of data, making this process extremely difficult (and not to mention time-consuming) to perform accurately without software.
[Automated Data Mapping]
Automated data mapping uses expertly designed software, just like our platform, that will map out and match data for you, even within your existing data sources.
With automated data mapping, you can organize and code complex data hands-free. This way, you can easily access your user’s data quickly and comprehensively.
Amazing, right? Now that we know how to find user data, we’ll explore a case study that reveals how to delete user data in our next video!”
The GDPR requires companies to maintain a record of their processing activities, known as a Record of Processing Activities (ROPA). This record must include information on the purposes of the processing, the categories of data being processed, the recipients of the data, and the company's security measures.
Automated data mapping can help companies to generate a ROPA quickly and accurately. Data mapping software can analyze a company's database and extract the necessary information for the ROPA. This can save businesses considerable time and effort, as they would otherwise need to review their records and determine which data is relevant manually. In addition, automated data mapping can help to ensure that the ROPA is complete and accurate, as it can identify any gaps in the data. As a result, companies that use automated data mapping will be able to comply with the GDPR's ROPA requirements more easily.