The Privacy Professional

Risk Assessment Stages  First, we must determine if there is a need for the risk assessment to be performed. Then, we will need to describe the flow of information (data life cycle) such as collection, processing, storage, usage and deletion. Next, we will identify privacy and related risks –including threats and vulnerabilities. Moreover, recording and summarizing risk assessment findings in a digestible, concise and readable format for the end user is necessary step. Finally, implementing the assessment findings and solutions into the project plan is the last step.

Data Mapping does not have to be limited to GDPR compliance . It is good idea for a businesses who stores data to map out the data they posses and what it is used for. In doing this, they can determine which data is necessary. For example, a business can effectively save money by deleting old, outdated and unnecessary data. Below you will find a sample data mapping intake form. A more complex form may contain, the types of data being stored (phone numbers, email, SSN, payment information), the data source and or the custodians and or stewards of the data. You can tailor your mapping intake form to your specific needs. Below you will find a sample data mapping intake form. A more complex form may contain, the types of data being stored (phone numbers, email, SSN, payment information), the data source and or the custodians and or stewards of the data. You can tailor your mapping intake form to your specific needs.