Live Data Map Overview
DataGrail Live Data Map offers your team a comprehensive and dynamic view of the privacy risk in your systems. Your privacy team will use Live Data Map to:
- Review how many and which systems contain personally identifiable information (“PII”) that must be disclosed or deleted as part of data privacy requests according to regulations such as GDPR and CCPA
- Proactively detect shadow IT: systems containing personal data that may have never gone through an accurate security or privacy review
- Classify system risk by the sensitivity of the data contained within it, allowing them to prioritize and intervene as necessary in situations of outsized risk before legally and publicly penalized for undisclosed data collection and similar issues
- Prepare a Record of Processing Activities (RoPA), required as a living document for GDPR compliance
Live Data Map includes Responsible Data Discovery (“RDD”) for integrated third-party SaaS applications. Depending on your DataGrail agreement, your team may also have access to RDD for on-premises or first-party data sources. Contact your customer success manager if you’re not sure what is included in your agreement.
Jump ahead
- How do I navigate Live Data Map?
- Who uses Live Data Map?
- What is involved in implementing Live Data Map?
- How is Live Data Map maintained once launched?
Tour Live Data Map
Live Data Map consists three main functions, which you can learn about each by clicking the links below:
Live Data Map Users
The following User Roles have access to the Live Data Map product:
Inventory Manager
The Inventory Manager role grants users the ability to manage and export Inventory System Reports. Inventory Managers may be assigned specific systems or have access to all systems for an organization.
Live Data Map Admin
The Live Data Map Admin role allows users to complete any action associated with Live Data Map, including the functions of the Inventory Manager. LDM Admins can also add and remove systems, categorize systems, and edit the configuration of the exports.
Implementation Summary
To begin using Live Data Map for visualization and analysis of PII in your tech stack, you will need to populate the System Inventory. See the following methods of getting system information into DataGrail.
System Detection
DataGrail integrates with popular SAML/SSO providers (i.e. Salesforce, Okta, Google Apps) to compare records in those systems against our internal databases as well as G2 recognized systems to surface high-confidence results. With System Detection, records that match known systems are automatically identified as systems and added to your system inventory.
-
Components
Manual System Entry
When there are systems in use that are not readily apparent in system detection, or are isolated within your tech stack, those systems can be added to your System Inventory manually.
With manual system entry, reports can be generated for any system, regardless of their visibility or relation to other integrated systems.
Responsible Data Discovery (RDD)
To perform Data Classification, DataGrail employs a containerized API agent to locate and identify structured, semi-structured, and unstructured data on your systems.
Live Data Map Features
System Inventory
Data Mapping gives you the ability to review all systems within your inventory. You will get a high level view of system owners, Personal Data likelihood, and where in your tech stack these systems are located.
From the System Inventory page you can view and organize reports for multiple business processes when thinking about your downloadable RoPA.
Systems can either be added to your inventory manually or you can connect various SAML/SSO tools that DataGrail will use to automatically detect new systems.
Reporting
Inventory System Reports provide a comprehensive overview and detailed documentation of an organization's data inventory. This report may detail the types of data collected, stored, and processed by the company.
The Inventory System Report might include information about the various data sources, categories of personal information, the purposes for which data is used, and the data flows within the organization. It could offer insights into the company's data ecosystem, allowing businesses to understand their data practices, assess compliance with privacy regulations, and manage data privacy effectively.
These reports have proven to be valuable for data governance, compliance audits, and ensuring transparency with respect to how personal information is handled within an organization. It assists in identifying and managing sensitive data, thereby enabling businesses to take necessary actions to secure, control, and govern their data in accordance with privacy laws.
Data Classification
Responsible Data Discovery ("RDD") takes system detection a few steps further, revealing the presence of PII in your systems while operating within the strictest security guidelines.
Purpose-built data models and abstracted machine learning allow DataGrail to identify and report on sensitive data without ever surfacing or transmitting the sensitive details.
Further reading on data mapping
To better understand data-mapping inside and outside of DataGrail, we recommend these resources:
- Data mapping 101: More context on why data mapping is done and how organizations accomplish it
- Data mapping for GDPR compliance: Full compliance on DSR processing under GDPR requires a complete and integrated data map
- What is sensitive personal information? Data classification is an important step of data mapping; learn more about what constitutes as sensitive personal information
- Life360 case study: Learn how Life360 utilized Live Data Map to proactively classify and address sensitive data risk
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.