Data mapping is the process of connecting a data field from one source to a data field in another source. This reduces the potential for errors, helps standardize your data, and makes it easier to understand your data by correlating it, for example, with identities.
From a data privacy perspective, data mapping enables you to accurately connect sensitive data to the identity of the person associated with it. In this case, data mapping can identify data subject records within all data sources, then match and link records across sources and systems to create 360-degree views of each individual data subject.
Data mapping is a critical element of any data privacy framework because manually discovering and classifying personal and sensitive data in aggregate—and understanding how your company uses and shares it—isn't precise or comprehensive enough to address the data access and compliance requirements of today’s privacy regulations. You need an automated, reliable data mapping solution to support compliance efforts. You also need to understand customer data in the context of what the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) refer to as data subjects—in other words, specific, identifiable individuals who have data access rights and need transparency into how you handle their data.
Data mapping helps you establish a single source of truth for business-critical personal and sensitive data about your customers. It can also provide visibility into how you know those things—what actual data records you hold about your customers, which systems hold the records, and how those records are related and connected. Understanding this data at a granular level enables you to achieve deeper insight into customer preferences and behaviors.
The ability to precisely link all data about an individual’s attributes also makes it easier to enable and manage data use consent and other rights—a main tenant of ensuring compliance with the GDPR, the CCPA, and other privacy regulations. When you know exactly which data you have about any given data subject, it's easier to identify data that falls under the GDPR's requirement to protect any information "relating to an identified or identifiable data subject," or aligns with the CCPA's even more rigorous requirement to protect any information that "identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular consumer or household." In turn, identifying data that the law requires you to protect helps to ensure that you are have appropriate protection policies and reliable data privacy controls in place.
A recent industry analyst estimate, based on surveying the impact of GDPR, place the average time to respond to a data access inquiry at more than a week and the cost per request at about $1,400. Streamlining this process through automating your data mapping procedures with customer identities can generate significant cost savings in a short timeframe by helping to more quickly respond to new customer rights obligations for increased transparency.
Coop Alleanza 3.0 is Europe's largest consumer cooperative, with 2.7 million members and 430 stores across Italy. Formed in a merger of five smaller Italian cooperatives, the company needed to combine customer, product, and sales data to create a 360 customer view without compromising its compliance with GDPR requirements protecting its customers' personally identifying information (PII). By deploying Informatica MDM, the company has been able to identify and manage customer data across multiple internal and external systems, protecting PII while still using it safely with less risk exposure to personalize customer experiences. Learn more about Coop Alleanza 3.0.
Given the volume, variety, and velocity of data being collected by companies of all sizes, it's rarely been feasible to manually identify and manage any of your data, sensitive or otherwise. A data-driven business, especially one leveraging data lake analytics for customer insights and migrating to cloud workloads, needs to be able to move fast—faster than the rate at which humans can prepare the data that directs its movements.
However, artificial intelligence and machine learning are ideally suited to the task. According to a McKinsey Global Institute analysis, in more than two-thirds of use cases, AI can improve performance beyond that provided by other analytics techniques.
Training AI to recognize personal data, as defined by privacy regulations, allows it to scan, match, and link millions of records at enterprise scale, quickly and comprehensively. This is the only way to match data at sufficient speed and reliability to accelerate visibility into the mapped data for faster, more authoritative analytics and business intelligence, and for use in new applications.
The GDPR, the CCPA, and other privacy regulations for controlling the storage and use of consumer information require companies to inventory and responsibly manage all the data they have about individual consumers. Being able to link seemingly disconnected bits of information to a specific individual gives a company the insights it requires to balance the need to properly enforce privacy policies with the need to make data available for legitimate business uses.
Additionally, new privacy mandates put individuals in control of their own data, allowing them to demand a full reporting of all the information a company has about them and specify which applications they consent to with approved use. They can also assert rights over their personal data, such as refusing to allow it to be sold to third parties, having it erased (the right to be forgotten), and taking their entire data record elsewhere (data portability).
A company can only effectively process these requests if it reliably knows what data it has and how it relates to the individual. Data mapping with automation supports data privacy regulatory compliance by making it efficient and effective to associate, consolidate, and manage requests and consents from individual data subjects at scale. In addition, by enabling central management of personal data from a single location linked to all applications, data mapping makes it easier to apply subject rights processing in a consistent way—protecting customers' data, reducing the risk of accidental noncompliance from data abuses, and safely removing users from risky applications of sensitive information based on identity-driven policies.
As privacy regulations become more pervasive, it will be impossible to comply with each new regulation one by one; companies need to address them at scale by operationalizing privacy compliance as a repeatable function. By correlating and connecting data subject records through metadata, data mapping helps support the operationalization of privacy, making it an integral part of automated data management as a whole by enabling safe and trusted use.
GDPR Compliance for Dummies: Our eBook on turning compliance into a competitive advantage
Data Classification and Mapping for Data Privacy: An explanatory video
IAPP Webinar on Operationalizing Data Privacy: How to leverage automation, AI, and machine learning to manage privacy across thousands of resources
Reimagining Data Governance Webinar: GDPR—the gloves are off
Webinar: Preparing for the CCPA with data privacy that scales
Executive Brief: Intelligent Data Privacy—California Consumer Privacy Act