Where do we use sensitive data?

Use the method that is most convenient for you:
- In the left navigation panel, enter Where do we use sensitive data? in the Search Navigation field.
- In the left navigation panel, click Home. In the content area, go to the Business Questions page and click the tile for Where do we use sensitive data?
- In the left navigation panel, expand the sections Business Questions and Risk and click Where do we use sensitive data?

The Number of records per axis filter is mandatory and must be defined to see data for the business question Where do we use sensitive data?. If the visualization is empty, click the Filter button. In the Number of records per axis field, specify the number of assets (X-axis = business date and y-axis = applications) to display on the axes

The business question Where do we use sensitive business data? examines the application portfolio and the business data that is created, read, updated, or deleted by your applications in a CRUD (C=Create, R=Read, U=Update, and D=Delete) matrix. The CRUD analysis identifies inconsistencies and redundancies in the way business data are used in the IT landscape and helps you to easily understand which applications process sensitive data, what kind of data is handled, and what the application does with this data.

This business question visualizes data in a CRUD matrix. The CRUD matrix shows applications on the Y-axis and business data on the X-axis. The corresponding cells are filled with a combination of the letters C, R, U, D thus indicating if and how an application uses the business data (C=Create, R=Read, U=Update, and D=Delete). The report excludes all applications and business data without any CRUD operations.

Where is there redundancy in how applications use the business data? Look for business data that has the same business data usage by different applications. For example, find business data that is being created (C=Create) by many different applications. Consider whether this redundancy is necessary or whether the applications can be rationalized.

What business data is used in a specific application portfolio? Click the Filter button and select an application portfolio in the Application Group field.

Which business data is relevant for a specific business capability? Click the Filter button and select a business capability in the Business Capability filter.

Where is personal data used by applications? Click the Filter button and select Confidential - Personal Data in the Data Classification field. Recommendation: Assess which personal data is handled by applications and what the application does with the data based on CRUD. Ensure that protection measures are in place to mitigate risk to highly sensitive data.

Where do data privacy issues relevant for GDPR regulations exist? Click the Filter button and select DPIA Rating in the Show KPI filter field to evaluate the data protection impact assessment (DPIA). Recommendation: Find the business data with the highest DPIA scores to identify and analyze where data privacy issues exist for business data. Ensure that your company has measures in place to reduce and mitigate risk in order to demonstrate compliance with GDPR regulations.