Project or Business Process: Version: Dated: Author:

Personal Data Mapping Diagram Customer name, address and email address Transfer method Description

Customer contact details

Special category

No

Obtained from data subject

Yes

Consent required? Privacy notice Owner

Storage in database

Volume

About 50 a day

Frequency

Web server

Adhoc

Internal or external

Internal

Controls applied

No

Location type Country stored in Encryption level

Privacy Notice 1

Retention period Customer telephone number Telephone number of the customer

Special category

No

Obtained from data subject

Yes

Consent required?

No

Privacy notice

Privacy Notice 1

Volume Transfer method

Electronic via Internet

Frequency

Adhoc

Internal or external Controls applied

External

Number, expiry and CVC of customer's credit card

Special category

No

Obtained from data subject

Yes

Consent required?

No

Privacy notice

Electronic via Internet About 50 a day

Frequency

About 50 a day Website sale processing

Controls applied

SSL/TLS encryption

Lawful basis

Contractual

Method of consent

Consent not required

Automated decision-making?

No Sales and Marketing Manager

Country stored in

Retention period

Transfer method Volume

About 50 a day

Special category

No

Obtained from data subject

Yes

Consent required?

No Privacy Notice 1

None 7 years

Frequency

Review Website

Adhoc External None

Location type Country stored in

API via Internet

Volume

About 50 a day

Frequency Internal or external

UK None

Level of data subject access

None

Access controls

Transfer method

Electronic

Encryption level

Retention period

The IP address of the customer at the time of purchase

UK Encryption at rest

Email via Internet

Controls applied

Process Narrative: The Website Sale process starts with a customer visiting our website, choosing a product and going through checkout. The customer provides contact details and credit card information, and their IP address is recorded automatically by the website. Credit card details are checked and stored at the Payment Processor, and order details are stored on the Web Server. Interfaces send the customer name and email address to a Review Website and a Mailing Website for later use.

Electronic

Two factor Access controls authentication for admin accounts

Internal or external

Privacy Notice 1

Customer IP address

Owner

Location type

Level of data subject access

Credit card details

Website sale; receive funds in exchange for product

Copy of sale confirmation email

Description

Payment processor

Encryption level

Purpose of processing

Process owner

External

Sales and Marketing Manager

Privacy notice

7 years

Adhoc

Internal or external

SSL/TLS encryption

Sale via website

Credit card details

Owner

Transfer method

Volume

Sales and Marketing Manager

Description

UK None

Two factor Access controls authentication for admin accounts

Description

Owner

Electronic

Level of data subject Can be updated via access portal

Storage on web server

Sales and Marketing Manager

Website Sale Version 1 [dd/mm/yyyy] A.N. Other

7 years User account and password

Mailing Website

Adhoc External

Controls applied

Sales and Marketing Manager API – Name and email address

None

Location type Country stored in

Electronic UK

Encryption level

None

Level of data subject access

None

Retention period Access controls

7 years Two factor for admin access

Visio example personal data mapping diagram