// THREAT DETECTION AND DATA PRIVACY TERM
Data Mapping
Data mapping is the process of creating a detailed inventory of an organization's data. It documents what information is collected, where it's stored, how it moves between systems, and who has access to it.
TECHNICAL DEFINITION
Data mapping is a critical data governance process that involves creating a comprehensive inventory of data assets and their flows throughout an organization's systems and processes. This record, often called a Record of Processing Activities (ROPA), documents data elements, storage locations, transfers, and security controls to support regulatory compliance with frameworks like GDPR and CCPA and to assess cybersecurity risk.
BACKGROUND
The NIST Cybersecurity Framework, is a set of guidelines designed to help organizations assess and improve their preparedness against cybersecurity threats. Developed in 2014 by the U.S. National Institute of Standards and Technology, the framework has been adopted by cyber security professionals and organizations around the world. The NIST framework has provided a basis for communication and understanding of cybersecurity principles between organizations, both in the private sector and public, such as governments. The framework, which is publicly available online for free, provides recommendations of existing cybersecurity standards and actions that organizations can take to mitigate cybersecurity risk.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- data inventory
- data flow mapping
- record of processing activities
- ROPA
- information asset inventory
- data discovery
- data lineage
USAGE NOTE
Data mapping is a foundational exercise for any privacy program and is essential for responding to data subject access requests (DSARs).
DEVELOPERS
Organizations developing technology related to Data Mapping.
A leading privacy management software platform that helps organizations operationalize compliance with regulations like GDPR and CCPA. Its technology automates data discovery and mapping to create a centralized inventory of data processing activities.
A data intelligence platform specializing in data discovery and classification using machine learning. It helps security and privacy teams map all types of enterprise data, including personal, sensitive, and regulated data, across cloud and on-premise environments.
Provides a data security platform that focuses on protecting data from insider threats and cyberattacks. Its technology maps data stores, classifies sensitive information, and analyzes access permissions and user behavior to detect threats.
A unified data governance and compliance solution from Microsoft. It provides automated data discovery, sensitive data classification, and end-to-end data lineage mapping across hybrid and multi-cloud environments to manage and protect data.
Offers an AI-powered Data Command Center for unified data intelligence and controls. The platform automates the discovery and mapping of sensitive data across complex environments, enabling organizations to manage privacy, security, and governance obligations.
A cybersecurity company that provides Data Loss Prevention (DLP) solutions. Their technology relies on advanced data discovery and classification to map the location and flow of critical data, enforcing security policies to prevent unauthorized exfiltration.
A comprehensive data security platform that offers centralized visibility and control over sensitive data. It provides automated data discovery and classification tools to map where sensitive data resides across databases, data warehouses, and big data environments.
A cybersecurity company offering a Data Security Fabric to protect data and all paths to it. Its platform includes data discovery and classification services that automatically find and map sensitive data repositories across an organization's hybrid environment.