GDPR Data Inventory Map

What is GDPR data inventory map?

The GDPR inventory map is a crucial step and it’s one of the main operational activity for your roadmap. In fact, to be able to act in accordance with the GDPR, you must firstly inventory the personal data processing operations within your organization.


Evidently, firstly you have to understand the definition of personal data (see art. 4 of the GDPR). Then you should know which data is used, by whom and for what purposes. In the end, you can assess what needs a change in order to be compliant.

GDPR data inventory map 1

We easily understand how conducting the inventory and mapping exercise is essential for establishing your strategy for attending the GDPR

The Art. 30 states that the company shall maintain a record of processing activities under his responsibility. The record shall contain much information. For example the purpose of the processing, a description of the category of personal data, or the envisaged time limits to erasure.

The Art.5 states the principles relating to the processing of personal data. Therefore, the GDPR inventory map has also to mention the reason why you process the data. In the article, we found that the company has to process personal data in a lawfully way. Furthermore, the data are collected for a specific, explicit and legitimate purpose.

In this important step of the roadmap, you need to work by yourself. You need time to achieve the goal. But you are the person who knows more about your data.