All of the changes listed will likely trigger a data inventory update except for the passage of a new privacy regulation. A data inventory is a record of all personal data that an organization collects, processes, stores, shares, or disposes of. A data inventory helps an organization understand what types of personal data it holds, where it comes from, where it goes, and how it is protected. A data inventory should be updated regularly to reflect any changes in the organization’s data processing activities or practices. Some examples of changes that would trigger a data inventory update are outsourcing a business function, acquiring a new subsidiary, or onboarding a new vendor. These changes may involve new sources or destinations of personal data, new purposes or categories of processing, new security measures or risks, or new contractual agreements or obligations. The passage of a new privacy regulation may not trigger a data inventory update unless it affects the organization’s existing data processing activities or practices. However, it may trigger a compliance assessment or gap analysis to determine if the organization needs to make any adjustments to its privacy program or policies to meet the new legal requirements. References: Data Inventory Hub; Data Inventory: What It Is & How To Create One
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit