A US-based non-profit promoting fair consumer treatment needed support in understanding and mapping of their personal data processing activities.
Myna created documentation of the processing activities, IT assets and third-parties processing personal data, to provide a foundational understanding of the organization’s data processing activities. The client required a manual creation of their data inventories and undertook this exercise as a regulatory check to ensure the organization was following the same fair consumer treatment it promotes.
The organization wanted to ensure it was both “talking the talk” and “walking the walk.”
Our Approach
Myna worked with the client developing an approach that maximized efficiencies and provided a comprehensive mapping of all data processing activities for 15 departments.
- Myna led 17 data gathering workshops with the key stakeholder and process owners in each department both onsite at the client’s offices and virtually.
- Completed and verified spreadsheet-based data inventories for each of the processing activities within each of the 15 departments. This resulted in a total mapping of 55 different processes.
- Completed and verified spreadsheet-based data inventories covering 42 systems and 48 third-parties used across the processing activities for each department.
- Led weekly support and guidance calls virtually to assist them in verifying and completing their data inventories.
- Led training call explaining the methodology behind the data mapping inventory and how to read, utilize, and update the sheet as the organization continues to mature its privacy practices.
Program Outcomes
All 15 organizational departments have completed data inventories, capturing the life-cycle of personal data for each process and identified associated IT assets and third-party processors.
Data Inventories providing support for updating the clients Privacy Notices, Data Subject Rights Process and supporting the continued maturing of the organization’s privacy program.
Executive presentation to senior stakeholders, summarizing high-level observations, and providing recommendations to mitigate gaps and risks observed.