3 Step Guide, Survey Results and Article 30² Toolkit
What Next With Your Personal Data Inventory (Article 30)?
Data privacy legislation requires organisations to discover and document their personal data processes e.g. GDPR – Article 30 ‘Record of Processing Activities’. For most organisations the simplest way to fulfil this obligation is to create and maintain a Personal Data Inventory.
Understanding what data you have, why you have it, where it is processed, who can access it, when it should be deleted, and how it is secured is the foundation of any data privacy or cyber security programme that aims to protect personal data and comply with data privacy legislation i.e. GDPR, CCPA, PIPEDA, PDBP and more.
Exonar surveyed 104 organisations to understand their experience discovering and operationalising their Personal Data Inventory. We have detailed the findings of this survey alongside a 3 Step Guide to Personal Data Inventory and Article 30² Toolkit.
Our first section on data discovery and personal data inventory will be most useful for organisations who are planning to create their Personal Data Inventory (e.g. those preparing for the California Consumer Privacy Act (CCPA) in 2020).
Our second and third sections will be most useful for organisations who have already created their Personal Data Inventory (e.g. those complying with General Data Protection Regulation (GDPR) from May 2018) to explain next steps for monitoring and compliance activities.
The Article 30² Toolkit can be filled to help you structure your journey through this process.
Download: Article 30² Toolkit