The process of identifying personal data - how to get help!

What is "identify"?

Identification goes beyond simply identifying what personal data a company handles. It is a comprehensive effort where you ensure that there are records for the personal data, procedures for handling the data and map the systems that store and handle it. Evaluating these procedures and processes and ensuring that they comply with the new data protection regulation is fundamental to all other GDPR work.

So why is this work so crucial? GDPR is about the individual's rights regarding personal data, and if you do not know what data you are handling, why it is being handled and where it is stored, it will be impossible to satisfy these rights. For example, if you don't know exactly where your data is stored, you won't be able to handle a request for a register extract or delete data on a specific individual. Nor can you protect data without knowing where it is stored - it will simply be impossible to identify risk factors without a clear overview and record of all personal data.

What tools does the GDPR Hub offer to identify personal data?

One of the tools included in the GDPR Hub that can help you in your identification work is our assessment tool. It indicates how well your organization complies with the GDPR in the initial situation, which is needed to create a current situation and a basis to start from. You can read more about how you can use your assessment tool to start the mapping work here.

The GDPR Hub is built around Microsoft's Compliance Manager and also plays an important role in the identification process. Among other things, your Compliance Manager can be used to identify - based on the data from your assessment - the actions needed to fill the gaps in your compliance efforts. The tool also provides support materials and documentation for the procedures and processes you establish.

You will also receive educational support material with clear instructions and checklists for what needs to be mapped and documented in the process of identifying personal data. There are also questionnaires that can be distributed to the organization's respective departments where employees can answer how and when they handle personal data.

Key considerations in the identification of personal data

The reason why it is so important to involve all parts of the organization in the identification process is that a large part of the processing of personal data may take place outside the systems, in documents that are saved locally or printed and collected in folders and binders.

A record must also be made of how the personal data is handled at all stages of processing. This includes, for example, information on how the data was collected and what purpose it serves for the business, the legal basis for the processing, where it is stored and for how long. The idea is that, with the support of this information, you will be able to prove why you are allowed to process the personal data - at all stages.

The GDPR Hub's records categorize the personal data. Among other things, you can categorize based on the type of individual concerned (leads, customers, employees and so on), how the collection has taken place (direct collection or via a third party) and based on the type of personal data concerned (e-mail address, name, telephone number, employment number and more). The type of personal data processed is also the basis for how long it can be stored. The register also indicates where each piece of data is stored and which systems use it.

Why WeSafe's GDPR Hub?

There are indeed other actors on the market who provide similar templates or their own systems to support the identification work. The disadvantage of these is that they are usually stand-alone systems that are not linked to the other digital infrastructure of the organization. A further step in the handling of personal data requires additional consent from the individual as well as procedures, processes and documentation. Therefore, one of the great advantages of the GDPR Hub, for those who use Office 365, is that everything is gathered and can be managed in one place.

Do you feel unclear, want to know more or need help in your identification work? Contact us at WeSafe!