Data Flow Diagram

A Data Flow Diagram (DFD) is a visual representation of the flow of data within a system or process. It illustrates how data moves from one entity to another, showing the various processes, data stores, and external entities involved in the system. In the context of GDPR (General Data Protection Regulation), a DFD can be particularly useful for understanding and analyzing how personal data is handled within an organization or system, ensuring compliance with GDPR requirements. Collection: This stage involves gathering data from various sources. Data can be collected from sources such as online forms, sensors, databases, social media platforms, or manual data entry. In the context of GDPR, it's crucial to ensure that data collection practices comply with the regulation's requirements, such as obtaining explicit consent from data subjects when necessary and providing transparent information about the purposes of data collection. Following are the five ways data flows:

Processing: Once data is collected, it undergoes processing, which involves manipulating, analyzing, or transforming it in some way to derive insights or fulfill specific purposes. Processing activities can include data cleansing, aggregation, analysis, and enrichment. It's essential to implement appropriate security measures during data processing to safeguard personal data and ensure compliance with GDPR principles such as data accuracy and confidentiality.

Storage: After processing, data is typically stored in data repositories or databases for future use. This stage involves choosing suitable storage mechanisms and implementing security measures to protect data from unauthorized access, alteration, or deletion. GDPR mandates organizations to ensure the security and integrity of personal data during storage, including measures such as encryption, access controls, and regular data backups.

Exchange: Data exchange refers to the transfer of data between different systems, applications, or organizations. This stage may involve sharing data with third parties, partners, or other internal departments. GDPR imposes restrictions on cross-border data transfers and requires organizations to ensure that any data transfers outside the European Economic Area (EEA) comply with GDPR's data transfer mechanisms, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

Archival: In this stage, data that is no longer actively used but may still have historical or regulatory value is archived for long-term retention. Archiving involves storing data in a secure and accessible manner, often in offline or offsite storage facilities. GDPR imposes specific requirements on data retention and deletion, requiring organizations to establish policies and procedures for the timely disposal of personal data once it is no longer needed for its original purpose. Here, the process owner as well as the collaborator adds data sources and its simultaneous flows.

1. Click on Add Data Source as shown in Fig 1.

1. Next, select the stage for this data source. A drop down list will appear as shown in Fig 2. Click on the appropriate stage.

1. Select source and the target of the data source and the processing stage as shown in Fig 3.

Source: Within a system or process, a data source is typically the starting point where data is initially collected or obtained before being transferred or processed further. For example, in a customer relationship management (CRM) system, data sources could include online forms, customer interactions, or data imports from external systems.

Target: A data target is the endpoint of data movement, where data is delivered or stored after being processed or transferred from a data source. For example, in an e-commerce system, the data target for order information could be a database where order details are stored for further processing and analysis.

1. Click on Diagram as shown in Fig 4. This will show you a diagram of the data flow map.

2. Click on Save or Proceed to Reports to move forward.

3. Generate a report as shown in Fig 5.