Skip to main content
Data Mapping

Data Mapping for Security and Privacy | Improve Decision Making

Data – It’s Much More than Just Consumer Data

But it’s not only consumer data for which organizations need to be concerned about, it’s also internal employee data, highly sensitive IP driven data – perhaps even federal data (if you’re a contractor providing services to the U.S. government). In reality, it’s about ensuring the safety and security of any type of data resident in your environment.

The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), are just the beginning of what’s sure to be a global onslaught of data privacy laws and regulations headed to every organization’s doorstep.

Doing a Deep Dive on Data – A Proven Methodology

With Centris, our data mapping assessments take a deep dive into all things data – specifically – how your organization collects, uses, shares & discloses, stores, protects, retains, and disposes of data. Centris’ data mapping assessments consist of the following phases:
 

Phase I: Analysis & Scoping

Measures to undertake include having a solid understanding of why such an assessment is being undertaken, what departments, systems, and personnel are considered in scope, and more. Additional factors to consider for this initial phase:

  • Identifying data groups (i.e., consumer data, federal data, internal employee data, corporate IP, etc.) and the relevant data types associated with each group.
  • Beginning to conceptualize and understand the data flows for the data groups – specifically - how data is collected, used, shared & disclosed, stored, protected, retained, and disposed of.
  • Assigning key roles, responsibilities, high-level deliverables, and overall expectation with both Centris consultants and your internal employees.
  • Assessing information security/cybersecurity controls, along with third-party entities deemed in scope.
  • Assessing regulatory compliance requirements (i.e., GDPR, CCPA, PIPEDA, federal agency compliance, etc.).
 

Phase II: Information Flow

Measures to undertake include conceptualizing, confirming - and then documenting – the information flow of all data groups and associated data types throughout the organization. When documenting the information flow, it’s critical to touch on the following elements: data items, format of data, location of data, access to data, and more. Additional factors to consider for this phase include the following:

  • Collection – Where is data being collected from, in what manner, from what external entities, transmission protocols, etc?
  • Used – What is the overall use and lawful purpose of the data being collected?
  • Shared & Disclosed – Who is data being shared with – both internally and externally (i.e., third-parties), the specific data sets being shared, the rationale why?
  • Storage and Protection – For data resident in an organization's information systems, how is it being stored and protected (i.e., encryption, etc.)?
  • Retention – What established data retention periods are in place and the rationale for it?
  • Disposal – How is data disposed of when no longer needed?

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide-range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
CENTRIS Advisory Methods
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Explore CENTRIS Strategies
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.
Regulatory Compliance For All Industries

Data mapping services to secure & manage your data complete lifecycle

The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), are just the beginning of what’s sure to be a global onslaught of data privacy laws and regulations headed to every organization’s doorstep.
 

Phase III: Reporting

With Centris, our data mapping reports provide organizations with a wealth of information for making informed decisions on how to best manage their data. Key sections included within our report include the following:

  • Initial findings for all in-scope data groups and data sets.
  • Recommendations and requirements to be implemented for the entire data flow lifecycle.
  • Formalized action plan, complete with milestones and deliverables necessary for successful data management.
 

Phase IV: Remediation

With Centris, we can assist in remediation by offering expert guidance, tools, and other support for creating sound controls for how your data is being collected, used, shared & disclosed, stored, protected, retained, and disposed of. In terms of remediation, we can fully assist with the following:

  • Properly classifying data into correct categories.
  • Developing information and data flow diagrams.
  • Developing data privacy program policies and procedures.
  • Assistance with implementing various security tools & solutions.

With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programsdata governancedata mappingPIADPIAGDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

"Leaders use data mapping techniques to improve data-driven decision making."
- Gartner

Why Centris For Data Mapping?

  • Proven methodology for documenting data lifecycles.
  • Experts at remediating control gaps and documentation deficiencies.
  • Experience in working with all industries and sectors for data mapping.

Additional Related Services

Customized Data Privacy Programs | Data Privacy Cons...

Growing cybersecurity threats, coupled with increased laws and regulations are forcing organizations to truly take the time in assessing – and documenting – how they collect, use, share & disclose, store, protect, retain, and dispose of their data...
Read this article

EU Cloud Data Protection Code of Conduct Gap Assessm...

The EU Data Protection Code of Conduct for Cloud Service Providers, simply known as the EU Cloud Code of Conduct, is a framework consisting of a set of requirements for Cloud Service Providers (CSP) supported by a Control Catalogue. This is impor...
Read this article

Microsoft Supplier Security & Privacy Assurance Prog...

Per Microsoft, “The Microsoft Supplier Data Protection Requirements” apply to each Microsoft supplier that Processes Personal Data or Microsoft Confidential Data in connection with that supplier’s performance (e.g., provision of services, software...
Read this article

U.S. State Data Privacy Assessments, Consulting and ...

Almost every state is now following in the footsteps of California in developing comprehensive laws regarding an individual’s data privacy rights. In the near future, it’s quite possible that every state will adopt meaningful data privacy laws, a...
Read this article

International Data Privacy Assessments for U.S. and ...

While most of the world is focusing on the likes of the General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), there’s much more to data privacy than these two well-known pieces of legislation. Canada, B...
Read this article

CCPA & CPRA Gap Assessments for Business in Californ...

The California Consumer Privacy Act (CCPA) is without question landmark legislation enacted to give consumers greatly enhanced privacy rights and protection clauses within the state of California. As an organization, if you’re doing business in t...
Read this article

GDPR Assessments for Controllers and Processors

Centris offers GDPR gap assessments for organizations all throughout North America seeking assistance with what’s arguably the most demanding and comprehensive data privacy regulation in the world. GDPR compliance for U.S. companies has hit our sh...
Read this article

Data Protection Impact Assessments (DPIA) | GDPR Con...

The General Data Protection Regulation (GDPR), under Article 35, requires, under certain circumstances, that a Data Protection Impact Assessment (DPIA) be performed by controllers if certain conditions exist. Specifically, “Where a type of process...
Read this article

Privacy Impact Assessments (PIA) | Minimize Privacy ...

The safety and security of all types of data is now front and center in today’s business arena due to growing cybersecurity threats, coupled with increased data privacy laws and regulations. With Centris, our PIA process is efficient, yet compre...
Read this article

Data Governance Plan and Consulting Services | PIA, ...

When performed correctly, a quality data governance assessment provides organizations with an actionable roadmap for designing and implementing a sustainable data governance program that ultimately improves efficiency, promotes transparency, enabl...
Read this article

    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.

    Let's talk about your business - Contact CENTRIS Today