WHAT IS THE DATA INVENTORY SERVICE?
The Data Inventory Service allows you to develop a comprehensive data inventory and supporting data maps, which identify where data exists, processing activities, media types and storage, retention requirements, and other critical elements. This service is crucial to demonstrate diligence and comply with the GDPR.
WHY DO I NEED IT?
Comply with the GDPR and Reduce Risks
The intent of the GDPR is clear: companies must take all steps necessary to protect the personal data of EU/EEA citizens. The GDPR applies to personal data that is processed manually, electronically and by third-parties. At a minimum, companies must develop and maintain a specifically formatted data inventory and supporting data maps to demonstrate due diligence and enable regulatory compliance. Corporate reputation, fines, penalties and litigation are at stake.
Article 30 | Record of Processing Activities Requirements:
HOW DOES IT WORK?
For over a decade, we’ve been helping the world’s leading companies develop the accurate data inventories and data maps needed to comply with legal obligations.
Our Data Inventory Service leverages our world-class best practice standards, a powerful service delivery model and an experienced professional support staff. We help you rapidly develop and maintain a complete data inventory and supporting GDPR reports, so you can meet your obligations more effectively and defensibly.
Our service enables you to easily keep your data inventory and reporting up-to-date. It is precise, predictable and the results are highly actionable. You’ll be able to quickly dial into specific risks, document your reporting obligations and demonstrate ongoing diligence and evidence of controls.
We help you develop your baseline data inventory with unlimited scope, international reach and no business disruption. Our process is built around the GDPR requirements and provides dozens of critical reports and invaluable insights.
PROJECT TIMELINE: 45 DAYS OR LESS
Here are just a few of the reports we provide:
Controllers must have a record of processing activities, including the purposes of processing, description of categories of data subjects and categories of personal data, categories of recipients to whom the data are disclosed, envisioned time limits for erasure of personal data, and a general description of the technical and organizational security measures in place. Controllers must have record of processing activities conducted by their third-parties and sub-processors as well.
Any third-party or sub-processor used to process data on behalf of the organization must have appropriate technical and organization measures to protect the rights of the data subject. Third-party relationships must be documented and managed with contracts that mandate privacy obligations. Ultimately, controllers must be confident in processors' security capabilities and compliance with the GDPR.
The GDPR creates restrictions on the processing of special categories of personal data. In order to comply with these restrictions, companies must have an accurate data inventory that defines what special personal data they have, where it resides, how it is processed and for what purpose it is used.