“Inventory” is one of those words that just make most people want to take a nap. Don’t worry though, at least this isn’t one of those blog posts telling you to write down the serial numbers of all of your monitors and count how many staplers you have. Inventories are a very important tool that helps businesses understand what they have, what they do with what they have and if they meet all of the legal requirements that apply. So what is a data inventory? A data inventory allows you to record what data assets you handle. A data inventory is an excellent compliment to your privacy program that helps you with the following:
- Have a thorough overview of what data you are responsible for;
- Prepare for any GDPR-related requests;
- Evidence your commitment to the privacy of your customers;
- Assess any compliance gaps and address those gaps.
A data inventory is a thorough analysis of the categories of data that you have and does not include any specific data elements. For example, you will not record that you have John Smith’s name, only that you collect names of people through your website. A data inventory should consider and include the following points:
- The nature of the data (e.g. data submitted through your website);
- The owner of the data, or the person in your company that is responsible for the data (e.g. you);
- Location of the data;
- The volume of the information;
- The format of the information (e.g. electronic);
- How you use the information (e.g. to process orders);
- The data element categories (e.g. name, phone number, address);
- Where the data is accessed; and
- Where the data is transferred and to who.
Protect yo’ self,