Forums for the Business Analyst

 
New Post 9/25/2019 3:05 AM
Omar
2 posts
No Ranking


Data Mapping - Data Privacy Requirements 

Hi - Have you as a BA come across a situation where you need to document the 'Data Privacy' requirements? Including Data minimisation? What are the key components to keep in mind when documenting these? Also, what is a Data Map - How is it documented?

 
New Post 10/1/2019 3:58 AM
Stewart F
52 posts
8th Level Poster


Re: Data Mapping - Data Privacy Requirements 

Hi Omar, 

Can I ask what Country you are based in? When you say 'Data Privacy' requirements, this, like many other Compliance requirements, depends on what country you are in OR what country you are building the solution for (so for example, I am based in the UK, but could be building a website for a US-based company - in which case their requirements would be different to a UK-based company). 

I'll try to answer your questions generically, but once you let me know which country we are talking about, I can then be more specific. 

Data Privacy, in its simplest form, is about making sure that a Customer's data is not only secure from outsiders, but also from the company that Customer gave it to. Let me explain that in more detail:

We have all heard stories of not very scrupulous people hacking sites for people's data to sell on the black market. There is a new story every week about this. Companies are now obliged to SHOW that they are being as secure with a Customer's data as they can be. Let's not get into the nitty gritty of whether they actually are secure - that's open to debate. But for a company to hold data and not show it to the world is what is called Data Privacy. 

So in simple terms, if I send Amazon my name and address and my email address, I expect them to use it (because I want the thing I have just bought off of them) but equally, I want them to hold my data securely and not share it with anyone else. 

So, what are 'Data Privacy' requirements - well, in short, they are requirements to ensure that a Customer's data is secure.

So what sort of requirements do you need to consider? Well, this rather depends on what the solution is that you have to ensure is secure, but let's assume that it is a website. As the BA, I would look for the end-to-end journey of a Customer's data:

1. Where do they input it

2. Where is it stored in the system - a database?

3. What is done with that data throughout the system or, in this case, website?

4. Do any other systems use that data?

Then ask yourself what current data security protocols are in place. A protocol is merely a process in this instance. Are there any in place? If there are, are they best practice?

Typical stakeholders to question here are the following:

a. The database manager - or whoever looks after the database

b. The database developer - who looks after it or makes technical changes to it.

c. Someone from Sales probably - as they will 'own' the Customer Journey.

d. IT Security - who is responsible for ensuring the company's IT Security.

e. Your Compliance Team (If you have one) If you don't, who is responsible for such things, Head of Operations?

You also mention 'Data Minimisation' - this is the process of only holding onto data that you absolutely need. In other words, as a Company, I should only hold the data that I need in order for my system to run correctly.

The requirements and the stakeholders are much the same as above. In the UK, we have a relatively new law called GDPR (General Data Protection Regulation). It's fair to say it has caused a lot of companies issues over the two years since it was first announced. GDPR follows all of these principles that you mention.

If you need specific answers to things either ask on this forum or use your search engine to look up GDPR. There are a whole host of sites which take project people through what to do with this and their experiences. 

Hope that helps.   
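An added illustration, not part of any poster's reply: one way to record a data map is a row per data item that answers the four journey questions above, which can then be checked for data minimisation and unjustified sharing. All field names, systems and the purpose-to-recipient table are hypothetical, and the sample rows are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class DataElement:
    name: str
    input_point: str                                  # 1. where the customer inputs it
    stored_in: str                                    # 2. where it is stored
    used_for: list                                    # 3. what is done with it (purposes)
    shared_with: list = field(default_factory=list)   # 4. other systems that use it
    safeguards: list = field(default_factory=list)    # security processes in place

# Constructed sample data map for a hypothetical web shop.
DATA_MAP = [
    DataElement("email", "checkout form", "orders_db.customers",
                ["order confirmation"], ["mail service"], ["encrypted at rest"]),
    DataElement("postal_address", "checkout form", "orders_db.customers",
                ["delivery"], ["courier API"], ["encrypted at rest"]),
    DataElement("date_of_birth", "signup form", "orders_db.customers",
                [], [], ["encrypted at rest"]),
    DataElement("phone", "checkout form", "orders_db.customers",
                ["delivery"], ["courier API", "marketing CRM"], []),
]

# Hypothetical table: which downstream systems each documented purpose justifies.
PURPOSE_RECIPIENTS = {
    "order confirmation": {"mail service"},
    "delivery": {"courier API"},
}

def review(data_map):
    """Return (data item, finding) pairs for the stakeholders to resolve."""
    findings = []
    for e in data_map:
        # Data minimisation: an item with no documented use should not be held.
        if not e.used_for:
            findings.append((e.name, "minimisation: no documented use"))
        allowed = set()
        for purpose in e.used_for:
            allowed |= PURPOSE_RECIPIENTS.get(purpose, set())
        # Sharing: every receiving system must be justified by a purpose.
        for system in e.shared_with:
            if system not in allowed:
                findings.append((e.name, f"sharing: {system} not justified"))
        # Security: stored data needs at least one recorded safeguard.
        if not e.safeguards:
            findings.append((e.name, "security: no safeguard recorded"))
    return findings

if __name__ == "__main__":
    for name, finding in review(DATA_MAP):
        print(f"{name}: {finding}")
```

Each finding becomes a question for the stakeholders listed above, for example asking Sales why a date of birth is collected at all.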

 
New Post 10/1/2019 4:26 AM
adilou
1 posts
No Ranking


Re: Data Mapping - Data Privacy Requirements 
 Omar wrote

Hi - Have you as a BA come across a situation where you need to document the 'Data Privacy' requirements? Including Data minimisation? What are the key components to keep in mind when documenting these? Also, what is a Data Map - How is it documented?

If you need specific answers to things either ask on this forum or use your search engine to look up GDPR. There are a whole host of sites which take project people through what to do with this and their experiences. 
 
Copyright 2006-2019 by Modern Analyst Media LLC