The GDPR requires high risk, data processing organisations and organisations with more than 250 employees, to maintain their data processing activities. To do this you first need to understand what personal data you hold, where it came from and where that data goes.
With personal data flowing in and out of multiple departments within your organisation, this can seem like a daunting task.
How can Lloyd’s Register help?
Lloyd’s Register’s GDPR data mapping and classification service can support you through the process and identify all your data flows throughout your organisation, which can help you to comply with the GDPR. This assessment will include:
- Data discovery – The development of data inventory of the personal data that you request, process and store.
- Data classification – The categorisation of personal data, including sensitive data, that you process or store, which has more stringent requirements under the GDPR.
- Data mapping – The identification of who has access to your personal data to ensure that your data is secure and that your people are adequately trained in data protection. It will also highlight the points within your processes where data is transferred to another processor.
- Risk assessment – The identification of risks relating to the GDPR principles – for example, opportunities for data minimisation.