France’s data protection authority, the CNIL, has produced a helpful six-step methodology for organizations preparing to comply with the EU General Data Protection Regulation. At the top of the list is appointing a DPO. As IAPP DPO Rita Heimes, CIPP/US, CIPM, writes for DPO Confessional, we’ve got that covered. The next item is “data mapping.” This is shorthand for fulfilling Article 30’s obligation that controllers “maintain a record of processing activities under its responsibility.” In this July post for DPO Confessional, Heimes takes a look at how the IAPP has approached the data inventory and mapping step toward GDPR compliance.
If you want to comment on this post, you need to login.