top of page

RGPD data mapping

RGPD data mapping is an essential component of compliance with data protection regulations also known as Data Compliance. With Tale of Data, you can ensure optimal management of sensitive information within your organization thanks to Shadow IT functions.


The Need: reference sensitive data to achieve RGPD compliance.


Our client was required to comply with the General Data Protection Regulation (RGPD). According to the requirements of the RGPD, all personal data retained must be associated with legitimate processing, in compliance with the standards established by the CNIL. Consequently, our customer, like any company, must be able to justify and document the retention of this data in order to comply with the regulations, with particular emphasis on the notions of consent and legitimate interest.

To achieve this goal, our customer's challenge was to answer these 4 questions:


  1.  Within the company, who keeps personal data?

  2.  What types of personal data are involved?

  3.  Where is this personal data stored? Databases, but also Shadow IT (Excel files scattered around the internal network, for example)

  4. Why is this data kept?

Proposed solution: data mapping with Mass Data Discovery


Our "Mass Data Discovery" technology automatically scans :


  • All relational databases

  • Shared network drives: all directories and their subdirectories were scanned for Excel, CSV, XML and JSON files

  • Data managed in the cloud (CRM, content management systems, etc.)

Each line of each table was analyzed for surnames, first names, addresses, e-mails, telephone numbers, IBANs, etc.

The mapping provided by Tale of Data made it possible to identify the personal data stored and for our customer to justify their presence in the associated processing. This exhaustive mapping of RGPD data, generated automatically, gives users of the module direct, simple and precise access to the locations where this personal data is stored.


Benefits of RGPD data mapping

Data scanning (= "Bottom-Up" approach) enabled us to carry out an exhaustive analysis, as opposed to interviews, which rely on the memory of interviewees and rarely up-to-date documentation.

Mapping has greatly enhanced the credibility of the data processing register, and has enabled the DPO (Data Protection Officer) to better organize his erasure (or anonymization) projects, thereby greatly minimizing the risk of non-compliance.

By automating the entire process, our customer was able to run regular scans, to prevent the long-term accumulation of non-legitimate personal data.

testimonial tape.png

Discover our exclusive webinar on mapping sensitive data, revealing best practices for detecting and securing your personal data and fighting against Shadow IT.

new band cta.png

Harness the full potential of your data by scheduling a demonstration

bottom of page