Data Mapping Automation

Maintain Processing Data Flows

Request Demo View Pricing

Compliance with GDPR Article 30

Data mapping and inventory are critical components of any privacy program. Understanding how data is flowing through the organization is a pre-requisite to being able to secure the data and analyze the data for risks. Maintaining an inventory also helps organizations more efficiently respond to data subject rights request to delete, correct, access, or port their data.


In the EU’s new General Data Protection Regulation (GDPR), organizations are expected to maintain extensive and up-to-date internal records of their data processing activities. According to Article 30 of the GDPR, organizations will be held accountable for compliance with record keeping requirements, with equal responsibility given to both data controllers and data processors.


OneTrust provides a simple and automated solution for data mapping, designed to address compliance with GDPR Article 30 record keeping requirements and self-certification with Privacy Shield for data transfers. OneTrust Data Mapping enables organizations to visualize the entire data lifecycle, maintain an evergreen data inventory (data processing register), identify gaps and track recommendations, evidence and approvals for remediating risk.

Comprehensive Data Discovery

When it comes to detecting and generating data flows, a combination of approaches is required for long term sustainability and accuracy. OneTrust provides a hybrid approach, where everything is linked into a single central inventory of data flows. A combination of questionnaires, intelligent scanning, and integrated APIs can be used to generate the most up to date, compliant, and actionable data inventory.

OneTrust Data Mapping Questionnaire

Start Mapping Data

OneTrust provides multiple ways for you to map data flows across your organization. Our built-in questionnaire template can be easily tailored and helps collect information about the purpose, type and process by which personal data is being collected, used, stored and transferred.

OneTrust Data Mapping Discovery

Discover Unknown Data

OneTrust gives you the ability to integrate automated scanning techniques, which help discover data you may not have known about. Artificial intelligence and machine learning is used to analyze identity sources (CRM, HRIS) and detect the movement and storage of data across corporate websites, networks, and business applications – in both structured and unstructured repositories.

OneTrust Data Mapping Data Inventory

Integrate Existing Inventories

Our API framework gives you the most flexibility in terms of pulling and pushing information between OneTrust and enterprise systems where you may have existing inventories of assets, vendors or any other personal data processing activities. Common locations include GRC solution, such as Archer, ITSM such as ServiceNow, and existing vendor management or DLP systems.

Data Lifecycle Visualizations

OneTrust provides a tabular, searchable, and sortable inventory of data to meet the Article 30 (GDPR) record keeping requirements. Additionally, OneTrust automatically generates visualizations and data flow diagrams as tools for easier analysis and executive communication.

OneTrust Data Mapping Cross-Border Map

Visualize the Flow of Data

Based on the latest data discovery activities, OneTrust visualizes the flow of data across your organization into a number of interactive graphs, including Asset Tracking, Cross-Border Data Flow, and Data Lineage.

OneTrust Data Mapping Data Elements

Consolidate Data Inventories

OneTrust also provides a consolidated (de-duplicated) view of data inventories, such as Business Processes, Assets, Vendors and Data Attributes, with the ability to search across your entire library, and export to a CSV file.

Maintain Evergreen Data Inventory

OneTrust Data Mapping PIA Integration

Integrate with Ongoing Privacy Workflows

OneTrust shares the underlying architecture for questionnaire templates across privacy impact assessments (PIA) and data mapping, which means any new information collected from PIAs automagically gets updated across data flows, inventories, and risks analysis. Additionally, any new APIs and scan results also feed into the common central inventory.

Identify Gaps & Remediate Risks

Meet Requirements for Compliance

OneTrust flags risks, including severity and likelihood, and provides follow-up recommendations in order to meet compliance. Risk are flagged visually on the graphs, as well as in the tabular views. A comprehensive gap analysis report is also available. As you and your team address the identified risks, you can store evidence, and track remediation activities and approvals, all within OneTrust.

OneTrust Data Mapping Risk Management

Keep a Complete Record of Activities

OneTrust GDPR Data Mapping & PIA Versioning

Track Versions and History

In order to fully meet the record keeping requirements of GDPR Article 30, OneTrust provides a complete audit trail of data mapping activities within our platform, including version control and historical views.

Why OneTrust Data Mapping?

Data Discovery

Comprehensive approach to address requirements for compliance

Data Visualization

De-duplicated data consolidated into graphs and tabular listings

Evergreen Inventory

Integration with ongoing privacy workflows enables evergreen inventory

Risk Remediation

Complete record of identified risks and remediation activities

Integrated Platform

Integrated with OneTrust privacy management platform