Forums for the Business Analyst

 
New Post 9/25/2019 4:05 AM
User is offline Omar
2 posts
No Ranking


Data Mapping - Data Privacy Requirements 

Hi - Have you as a BA come across a situation where you need to document the 'Data Privacy' requirements? Including Data minimisation? What are the key components to keep in mind when documenting these? Also, what is a Data Map - How is it documented?

 
New Post 10/1/2019 4:58 AM
User is offline Stewart F
119 posts
7th Level Poster


Re: Data Mapping - Data Privacy Requirements 

Hi Omar, 

Can I ask what Country you are based in? When you say 'Data Privacy' requirements this, like many other Compliance requirements, depends on what country you are in OR what country you are building the solution for (So for example, I am based in the UK, but could be building a website for a US based company - in which case their requirements would be different to a UK based company). 

I'll try to answer your questions generically, but once you let me know which country we are talking about, I can then be more specific. 

Data Privacy, in its simplest form, is about making sure that a Customer's data is not only secure from outsiders, but also from the company that Customer gave it to. Let me explain that in more detail:

We have all heard of stories of not very scrupulous people hacking sites for people's data to sell on the black market. There is a new story every week about this. Companies are now obliged to SHOW that they are being as secure with a Customer's data as they can be. Let's not get into the nitty gritty of whether they actually are secure - that's open to debate. But for a company to hold data and not show it to the world is what is called Data Privacy. 

So in simple terms, if I send Amazon my name and address and my email address, I expect them to use it (because I want the thing I have just bought off of them) but equally, I want them to hold my data securely and not share it with anyone else. 

So, what are 'Data Privacy' requirements - well in short they are requirements to ensure that a Customer's data is secure.

So what sort of requirements do you need to consider? Well this rather depends on what the solution is that you have to ensure is secure, but let's assume that it is a website. As the BA, I would look for the end to end journey of a Customer's data:

1. Where do they input it?

2. Where is it stored in the system - a database?

3. What is done with that data throughout the system or, in this case, website?

4. Do any other systems use that data?

Then ask yourself what current data security protocols are in place. A protocol is merely a process in this instance. Are there any in place? If there are, are they best practice?

Typical stakeholders to question here are the following:

a. The database manager - or whoever looks after the database

b. The database developer - who looks after it or makes technical changes to it.

c. Someone from Sales probably - as they will 'own' the Customer Journey.

d. IT Security - who is responsible for ensuring the company's IT Security.

e. Your Compliance Team (If you have one) If you don't, who is responsible for such things, Head of Operations?

You also mention 'Data Minimisation' - this is the process of only holding onto data that you absolutely need. In other words, as a Company, I should only hold the data that I need in order for my system to run correctly.

The requirements and the stakeholders are much the same as above. In the UK, we have a relatively new law called GDPR (General Data Protection Regulation). It's fair to say it has caused a lot of companies issues over the two years since it was first announced. GDPR follows all of these principles that you mention.

If you need specific answers to things either ask on this forum or use your search engine to look up GDPR. There are a whole host of sites which take project people through what to do with this and their experiences. 

Hope that helps.   

 
New Post 10/1/2019 5:26 AM
User is offline adilou
1 posts
No Ranking


Re: Data Mapping - Data Privacy Requirements 
 Omar wrote

Hi - Have you as a BA come across a situation where you need to document the 'Data Privacy' requirements? Including Data minimisation? What are the key components to keep in mind when documenting these? Also, what is a Data Map - How is it documented?

If you need specific answers to things either ask on this forum or use your search engine to look up GDPR. There are a whole host of sites which take project people through what to do with this and their experiences. 
 
New Post 10/16/2019 3:58 AM
User is offline Stewart F
119 posts
7th Level Poster


Re: Data Mapping - Data Privacy Requirements 

Hi Adilou, 

Remember that this forum spans many different countries and indeed continents. GDPR is specific to the UK and the European Union (plus Norway and Liechtenstein). In my response I asked Omar what country they were based in or what country their work was for, as this impacts on their needs. If, for example, they are based and working for a company in the US, then GDPR will not be relevant to them as they have different rules. 

Also, forgive me, but you advised Omar that if he had specific questions to post them in the forum, but that is exactly what Omar did do, so I don't quite see what you were trying to say?

As with all BA tasks - ask the right questions first to narrow down your next question(s). The right question here being "What Country are you based/Working in Omar?" - then, based on what they reply with, you can reply with a specific answer. I gave a deliberately generic answer as I don't yet know what country we are talking about.  So pointing them directly to GDPR at this stage may not be the right response. 

As a BA you should never make assumptions - that's why BAs are placed on projects - to make sure the right thing is developed/put in place, not just a random guess. As the BA, you ask all the necessary questions to ensure that you don't have to make assumptions.

Not picking on you Adilou, but I see a lot of replies in this forum with people pointing others to "the internet" or "look for x on the Internet" without actually diving down to find out what the root cause of an issue is or what that User is especially asking for. 

 
Copyright 2006-2024 by Modern Analyst Media LLC