Published:

Updated:

Data Inventory: why you may need one

Privacy Policy

European Union, GDPR, UK DPA 2018, United Kingdom

Photo of author

Hans Skillrud

Vice President of Termageddon

Do you need a data inventory

“Inventory” is one of those words that just make most people want to take a nap. Don’t worry though, at least this isn’t one of those blog posts telling you to write down the serial numbers of all of your monitors and count how many staplers you have. Inventories are a very important tool that helps businesses understand what they have, what they do with what they have and if they meet all of the legal requirements that apply. So what is a data inventory? A data inventory allows you to record what data assets you handle. A data inventory is an excellent compliment to your privacy program that helps you with the following:

  • Have a thorough overview of what data you are responsible for;
  • Practice data minimization (don’t keep what you don’t need to reduce risk and costs);
  • Prepare for any privacy-related requests (eg. an individual requests that you delete their data);
  • Evidence your commitment to the privacy of your customers;
  • Assess any compliance gaps and address those gaps.

A data inventory is a thorough analysis of the categories of data that you have and does not include any specific data elements. For example, you will not record that you have John Smith’s name, only that you collect names of people through your website. A data inventory should consider and include the following points:

  • The nature of the data (data submitted through your website);
  • The owner of the data, or the person in your company that is responsible for the data (you);
  • Location of the data (HubSpot or emails);
  • The volume of the information (10,000 records);
  • The format of the information (electronic);
  • How you use the information (to process orders);
  • The data element categories (name, phone number, address);
  • Where the data is accessed (access only in your offices);
  • Where the data is transferred and to who (transferred to Amazon AWS and the server is in the United States).

After you have completed your inventory, check your Termageddon Privacy Policy to make sure that your answers to the questions accurately reflect your data inventory and practices. If you do not have a Privacy Policy yet, make sure to create one as you are required by law to have one if you collect personal information.

Protect yo’ self,

Team Termageddon

Photo of author
About the Author
Hans Skillrud

Hans is the Vice President of Termageddon, an auto-updating website policies generator. With Termageddon, you can generate a comprehensive set of policies for your website, and then receive automatic updates to your policies when the laws change.  When not working on Termageddon, you can find Hans gardening, beekeeping, fishing or taking care of his chickens.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy

Culture

Disclaimer

EULA

How To's

Privacy Policy

Terms of Service

Subscribe for Updates