How a ROPA visual map can enhance your privacy program: 6 use cases

Have you ever wondered why creating your ROPA is often called data mapping, although all you end up with is a huge spreadsheet?

Not trying to nit-pick here. Just thinking that an actual visual representation of data flows might save a lot of time that you would otherwise spend sifting through the spreadsheet version of the ROPA to understand how your organisation uses personal data.

Why read 1000 words when you can see the big picture at a glance?

Sypher automatically analyses your organisation's ROPA to create a visual map of all processing activities. 

This feature includes a search engine that allows you to search and filter your ROPA to generate dynamic, real-time views that can help you understand where personal data comes from, where it is stored, how it moves inside and outside your organisation, which activities are high-risk and likely to require a DPIA, and more.

There are many situations where Sypher's visual map can come in handy, so let's go through some of the use cases.

1. Check that a privacy notice includes all the relevant information

Suppose you need to verify the privacy notice you use to inform job applicants who send their CVs via email about how you handle their personal data.

By searching for the relevant data source, such as "CVs received by email," Sypher will scan your ROPA to display a visual map with all related data processing activities, categories of data collected, and internal and external parties that have access to the data.

Sypher's visual map also allows you to export a filtered extract of your ROPA by clicking the print button near each highlighted item on the map. This extract can include any additional information that is available in Sypher, such as the lawful basis for processing, data retention period, and recipients located in third countries.

Can you spot the related Processing Activities? How about the Data Recipients?

2. Locate the information required to respond to a DSAR

When managing DSARs, it's critical to quickly locate the relevant data categories for a data subject, the systems in which they are stored and, last but not least, any external processors of that data.

To do this with Sypher, simply search for the relevant data subject type (e.g. “customers”) and you will instantly see an up-to-date and comprehensive visual map of all ROPA activities where the selected data subject is listed. 

Even if you have a fully automated process for responding to DSARs, Sypher's visual map can still prove useful for periodically checking that the current process is updated to reflect any recent changes in processing activities (e.g. new vendors or new systems).

You might have noticed that some of the fields are in italics and some are not. The regular fields indicate directly documented connections, while the ones in italics are inferred — yet probable — connections. 

3. Analyse and document what a processor does for you

The visual map provides a clear overview of the relationships between your organisation and external processors, making it easier to analyse the flow of personal data outside of your organisation.

One click on the relevant Data Recipient and the map shows you precisely what’s going on. 

4. Help colleagues understand how their department uses personal data

This is perhaps the clearest example of a picture being worth a thousand words. 

Yes, Sypher provides you with a readable version of your ROPA, but we have found that including a picture makes it much easier for your colleagues to understand what the key elements are that they need to be aware of when processing personal data.

You can generate maps by filtering by process, activity or any other filter you choose.

Use the “🖼️” button from the top toolbar to generate and save a copy of the visual map currently displayed.

5. Visualise risk sources

Sypher’s visual map flags the items that increase your WP248 risk score, making it easier to identify high-risk activities that might require a DPIA. 

Hover your pointer over any blue triangle to see a risk type description or use the link icon to open the activity for more detailed information

6. Update the ROPA using the built-in visual editor

Once you experience how Sypher's visual map can help you in your daily work, it becomes a tool you want to use more often.

So what do you do when you're conducting an analysis or training session for colleagues and discover a change that needs to be made? Do you leave the map and go to the ROPA Editor?

Actually, there's no need to interrupt your workflow. You can simply activate Sypher's built-in visual map editor to make the necessary adjustments and then resume your previous task. Rest assured, as with everything else in Sypher, all changes are logged.

Check or uncheck the boxes to update the mapping connections.

There’s also a BIGGER picture worth considering

These are just a few ideas of how you can use your ROPA to make sure it doesn't end up in a drawer. If you're looking for more inspiration, here are 4 tips to get the most out of your ROPA.

More resources 👉Learn how to see the big picture hidden in your ROPA spreadsheets.

—
Did you find this article helpful? Stay tuned for more by 📌 following our Social Media pages and/or 👉 subscribing to our weekly newsletter. We'll keep you up to date on topics such as Privacy Management, Information Security, and GDPR compliance.