A US-based non-profit promoting fair consumer treatment needed support in understanding and mapping of their personal data processing activities.
Myna created documentation of the processing activities, IT assets and third-parties processing personal data, to provide a foundational understanding of the organization’s data processing activities. The client required a manual creation of their data inventories and undertook this exercise as a regulatory check to ensure the organization was following the same fair consumer treatment it promotes.
The organization wanted to ensure it was both “talking the talk” and “walking the walk.”
Our Approach
Myna worked with the client developing an approach that maximized efficiencies and provided a comprehensive mapping of all data processing activities for 15 departments. This included:
- Leading 17 data gathering workshops with the key stakeholder and process owners in each department, both onsite at the client’s offices, and virtually.
- Completing and verifying spreadsheet-based data inventories for each of the processing activities within each of the 15 departments. This resulted in a total mapping of 55 different processes.
- Completing and verifying spreadsheet-based data inventories covering 40+ systems, and approximately 50 third-parties, supporting the processing activities for each department.
- Leading weekly support and guidance calls virtually to assist the client in verifying and completing their data inventories.
- Leading training calls explaining the methodology behind the data mapping inventory and how to read, utilize, and update the sheet as the organization continues to mature its privacy practices.
Program Outcomes
- All 15 organizational departments have completed data inventories, capturing the life cycle of personal data for each process and have identified associated IT assets and third-party processors.
- Data Inventories can support the updating of the clients’ Privacy Notices, Data Subject Rights Process, and the continued maturing of the organization’s privacy program.
- An executive presentation was provided for senior stakeholders, summarizing high-level observations, and recommendations to mitigate gaps and risks observed.
