Data Mapping Project

Do you have a data mapping plan in place to identifying and classify the personal information your entity collects?

What to do?


  • Conduct an information audit to determine what information you use and who has access to it. This will make complying with the PIPA and other privacy regulations easier.


  • Ensure there is an up-to-date data map, showing where data is stored, particularly personal data, which is essential for:

  • Robust information lifecycle management, including disposal of data that is no longer required to be retained;

  • Responding efficiently to a serious data breach by being able to quickly identity the types of information that have been subject to unauthorised access.


  • Demonstrating the measures in place to protect and secure personal data in accordance with the requirements of PIPA.


  • Check whether your processes include identifying and locating personal in all the organisation’s systems. Consider cloud storage and any third-parties’ systems that have been listed on the data map to identify all the locations where personal data is stored.


  • High-risk use of information may mean that entities should consider an up-to-date and detailed list of processes to check privacy and security by design at all stages of use. Be prepared to show that list to regulators upon request.


  • Identify a Condition for your use of personal information. You will need to identify a Condition under PIPA to use personal information in Part 2: General Principles & Rules (Section 6).


  • Update your privacy policy/notice with clear information about your use of data and the Conditions for the various uses that you have identified "in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child."

  • Explain how the data is processed,

  • who has access to it, and

  • how you're keeping it safe.

Add a Title
Add a Title
Add a Title
Add a Title