Data requirements for "Where do we use sensitive data?"

This business question examines the application portfolio and the business data that is created, read, updated, or deleted by the applications.

MM_WhereDoWeUseSensitiveData

To have meaningful data for the business question Where do we use sensitive data?, you must capture the following information about the applications and business data in your company.

Class	Attribute	Mandatory	Explanation
Application
	Name	x	The application name.
	Version	x	The version number for the application. It is recommended that you document major and minor release versions (<MajorVersion.MinorVersion>).
	Start Date	x	The start date is the date when the application is actively used.
	End Date	x	The end date is the date when the application is no longer used.
	Object State	x	Describes the use of the application in the real word. This can be understood as the operational status of the application. Possible values are: Plan: The application is proposed to be used and still in the stages of planning and building. Active: The application is currently being used. The active period begins with the application's start date and stops with the end date. Retired: The application is no longer used. The object state should be changed from Plan to Active once the application's start date is reached. It should be changed to Retired when the application's end data is reached.
	Status	x	Specifies the approval status of an application and determines whether or not the application can be edited or deleted. Possible values are: Draft: The application has only mandatory data defined. Under Review: The application is documented and being reviewed. An application with this release status cannot be deleted. Approved: The application has been approved by the responsible stakeholders. An application cannot be deleted when it has an approved release status. An application with this release status cannot be deleted. Data imported: The data regarding this application has been imported from an external system. Additional changes may be required to improve the data quality. An application with this release status can be deleted. Trash: The application is no longer valid and can be deleted.
Business Data
	Name	x
	Version	x
	Data Category	x	The data category that the business data is assigned to.
	Data Classification		Classification of the business data based on data protection requirements. Possible options are: Confidential - Non-Personal Data, Confidential - Personal Data, Restricted, Unrestricted, and Unknown
	Data Classification:DPIA Rating		A data protection impact assessment (DPIA) is a privacy-related assessment whose objective is to identify and analyze certain actions or activities that might affect data privacy. Under the GDPR regulations, data protection impact assessments are mandatory in certain cases, such as when profiling activities are carried out using personal data. 5-Very High 4-High 3-Medium 2-Low 1-Very Low 0-Not Required.
Business Data Usage
	Business Data	x	The business data that is used.
	Application	x	The application that uses the business data.
	Create		CRUD value that describes that an application creates a referenced business data.
	Read		CRUD value that describes that an application reads a referenced business data.
	Update		CRUD value that describes that an application updates a referenced business data.
	Delete		CRUD value that describes that an application deletes a referenced business data.
Data Category
	Name	x
	Parent Data Category		The parent data category that the data category is assigned to in the data category hierarchy.
	Description		Information about the category of business data that will be assigned to the data category.