Contact us Today!

Data Mapping Software Tools for GDPR (Article 30) and California Privacy Law

Get help with GDPR and California with the Clarip data mapping software for privacy teams. Our Data Risk Intelligence scans offer the tools to identify an organization’s data collection and third-party data sharing, which are critical aspects of compliance with both the new U.S. and European privacy laws, in a data map.

Despite the media emphasis and public attention on data privacy this year between Facebook – Cambridge Analytica, the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), many organizations still do not have a complete handle on personal data within their organization. They are struggling with expanded definitions of personally identifiable information, greater transparency requirements and staying on top of all of the third-parties that are getting data from their organization.

The Clarip GDPR data mapping software identifies all of the trackers, beacons, cookies and other technology that are going on behind the scenes on your organization’s website. Privacy or compliance teams at large organizations with hundreds or thousands of websites use the Clarip Data Risk Intelligence scan to quickly understand the privacy implications of their practices across a broad range of websites. Teams with one or two websites use the Clarip technology because of its impressive visualization of how data flows into the organization and is shared with third-parties.

The automated scans can also compile a data map of your internal databases and other structured data within your organization to give your team a better understanding of the data you have collected and where you are keeping it. Use the information to improve your privacy practices and then export the information for your records of processing activities.

To schedule a demo of the Clarip Data Risk Intelligence Scan, please call 1-888-252-5653.

Here are a few of the ways that a data map can help with your privacy compliance:

General Data Protection Regulation

The world’s most comprehensive data protection and privacy law went into effect on May 25th, ushering in potential fines for violations of up to 4% of an organization’s global annual revenue. However, despite a two years delay in enforcement for organizations to prepare to meet its terms, many businesses are not expected to be in full compliance with GDPR until the end of 2018 or sometime during 2019.

If your organization is interested in speeding up its compliance efforts, looking to improve its business processes by automating data mapping, or is just entering the European market, our GDPR data mapping software may be right for your team. It can help with:

– Article 30 (Records of Processing Activities)

It requires controllers to maintain a record of processing activities under its responsibility including contact information for relevant individuals, the purposes of processing, a description of the categories of data subjects and personal data, the third-party recipients, the time limits for retention and other specified information.

– Article 35 Data Protection Impact Assessments

GDPR mandates organizations conduct a DPIA when a new technology or business process poses a high risk to the rights and freedoms of natural persons. Conducting a data map of the current or future process can be one way to help identify whether a DPIA is warranted, or can itself be part of the DPIA process to understand the data collection and sharing called for by its implementation. Either way, many organizations will decide to conduct a limited data map as part of their DPIAs.

– Article 28 Vendor Agreements

In order to have the appropriate data processing agreements in place, an organization needs to know which third-parties are receiving personal data from it. If a controller does not have a complete list of its processors, then it may not have all of the appropriate agreements in place to protect data privacy under GDPR Article 28.

– Articles 12-14 – Transparency

Organizations are required by the law to provide transparent disclosures about privacy practices in clear, plain language to data subjects. Organizations that have a deep understanding of their data collection, processing and sharing can provide more accurate disclosures to the individuals reading their privacy policy. Data maps can help businesses achieve transparency with consumers, which is not only required by GDPR but in and of itself an important business practice for building consumer trust.

– Articles 15-21 – Data Subject Access Rights

Article 15 requires that an organization provide access to an individual’s personal data upon request. Article 17 provides for the erasure of their personal data – the so-called right to be forgotten. If an organization is going to quickly and efficiently handle DSARs, it needs to know where its data is located. Data mapping is one tool in the arsenal to find it.


There is no explicit data mapping requirement in the California Consumer Privacy Act. However, many businesses will find that they can benefit from creating a data flow map at the beginning of their CCPA implementation.

– Transparency regarding data collection and the sale of personal information to third-parties.

California will require (beginning in 2020) businesses to disclose certain aspects of their collection and sharing of personal information. This includes all categories of personal information collected, how it is used, and the categories of businesses that are buying it, if any sales happened. A data flow map is an efficient way to begin the process of finding this information.

– Service provider contracts

Organizations need to know all of their vendors under the CCPA in order to qualify them as service providers and continue to be able to share information with them after an individual exercises their right to opt out from the sale of personal information. By engaging in data mapping to identify all of the third-party vendors, this process is made more efficient.

– Fulfilling data subject access requests

California requires organizations to provide consumers with access to their information as well as fulfill requests to delete it. In the same way that a data mapping tool can make this process more efficient for GDPR, it also works for the CCPA.

As you can see here, California and GDPR data mapping software offers a number of benefits for a privacy or compliance team seeking to improve its privacy practices. For a demo of the Clarip enterprise privacy management software, call 1-888-252-5653.

Related Content

GDPR Data Mapping Requirement & Software Solutions
GDPR Article 30 ROPA Software
Data Inventory Software Tools
Tips for Organizations Undertaking Data Mapping for GDPR
Why is Data Flow Mapping Important for GDPR Compliance?
GDPR Data Mapping Software Tool for Privacy Risk Assessments