Data mapping

Data mapping

Data mapping (finding out what personal data your organisation processes) is often cited as one of the first tasks to tackle in a data protection compliance plan.

Assimilated Regulation (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR) requires data controllers and processors to have a written record of data processing activities and the records must be made available to the supervisory authority on request.

Data mapping can be an enormous and time-consuming task. Despite the challenges, understanding and documenting the purposes of processing, the processing that takes place and the data involved provides a great basis for UK GDPR compliance.

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Risk & Compliance News

EDPB releases guidelines on pseudonymisation for public consultation

The European Data Protection Board (EDPB) has published Guidelines 01/2025 on Pseudonymisation for public consultation. The guidelines clarify the legal definition of pseudonymisation under GDPR, emphasising that pseudonymised data remains personal data. They outline pseudonymisation's role as a safeguard for implementing data protection principles, particularly in risk reduction, data minimisation, and ensuring appropriate security levels. The EDPB also addresses the impact of pseudonymisation on data subject rights and its potential use in data transfers to third countries. Such comments should be sent 28th February 2025 at the latest using the provided form.

Key points from trade sanctions office 'no-Russia' guidance

Law360, London: On 7 January 2025, the UK Office of Trade Sanctions Implementation (OTSI) published two new guidance documents focusing on no-Russia clauses and countering Russian sanctions evasion. The no-Russia clause guidance is focused on supporting those exporting or making available common high-priority list items, as well as other items critical to Russian weapons systems and military development, to tailor their due diligence and make use of clauses prohibiting reexport of their products to Russia. The Russian sanctions evasion guidance is intended to aid UK exporters' understanding of Russia's and other countries' circumvention practices to reduce their risk of being targeted by those seeking to evade sanctions. Affected companies should consider whether any adjustments need to be made to their trade compliance programs in light of the best practice recommendations made in the new guidance documents.

The compliance trends and imperatives on tap in 2025

Law360: As we ring in the year 2025, the landscape of corporate ethics and compliance is rapidly evolving, driven by societal changes, technological advancements, and increasingly complex governance demands and geopolitical realities. The world is simultaneously more interconnected and more conflicted than ever, and ethics and compliance challenges can occur in ways and places we have not previously encountered. This article explores the outlook for corporate ethics and compliance in 2025, highlighting key trends, emerging challenges and imperatives for businesses.

Risk & Compliance weekly highlights—16 January 2025

This week's edition of Risk & Compliance weekly highlights includes: the latest financial sanctions, the opening of a consultation on new legislative proposals to tackle cybercrime and response to House of Lords Committee Report on Modern Slavery Act 2015 by the Home Office, and an analysis on how forced labour imports raise criminal risks for UK retailers.

View Risk & Compliance by content type :

News