Data Privacy Services: Business Process and Data Flow

Eric M. Wright CPA, CITP

A critical component to understanding how an organization’s data (oftentimes consumer data) travels throughout its lifecycle is to develop business processes and data flow diagrams. Successful business process and data flow diagrams are achieved by conducting meetings with business unit representatives, as well as representatives from information technology (IT). These meetings allow for both business unit and IT representatives to develop a baseline understanding of what data is collected and how it is used, processed, shared, stored and retained within and outside of the organization. 

Business Process and Data Flow

The following components should surface throughout this exercise, to then determine how to protect and effectively control personal data:

  • Who collects, uses and maintains personal data relating to individuals, customers and employees?
  • What types of personal data are collected and what is the purpose of collection?
  • Where the data is physically stored?
  • To whom is the data transferred/shared?
  • When and how is the data collected?
  • How long is it retained and how is it deleted?

Additional Schneider Downs Data Privacy Services

Data Privacy Control Assessment

Regardless of whether your data privacy program was recently established or tenured, it’s important to assess its ongoing effectiveness in today’s ever-evolving technological world. Learn More

Data Protection Impact Assessment 

A Data Protection Impact Assessment (DPIA) is a process to help identify and minimize data protection risks to an organization. Learn More

NIST Privacy Framework Compliance

The NIST Privacy Framework is intended to be leveraged as a foundation to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Learn More

Privacy by Design

Our approach to Privacy by Design ensures that privacy and security controls are aligned with an organization’s tolerance for risk, its compliance with regulations, and its commitment to building a sustainable privacy-minded culture.  Learn More

Privacy Regulations and Compliance

Prepare your organization for compliance with data privacy regulations including GDPR, CPRA, CCPA, New York SHIELD Act, GLBA and HIPAA. Learn More

About Schneider Downs Data Privacy Services

At Schneider Downs, our IT Risk Advisory Practice has a team of professionals who specialize in data privacy. Our team not only understands the evolving data privacy regulations but also the technologies that allow for opportunities to enable controls in the effort of reducing and protecting the data footprint and ongoing risks of non-compliance. 

Learn more at or contact us for more information.

case studies
                                    Company impacted by ransomware.
big problem:
Company impacted by ransomware.
big thinking:
Restore system on-site and avoid six-figure ransom.
                                    Inefficient tax credit realization.
big problem:
Inefficient tax credit realization.
big thinking:
Identified a $900,000 tax credit, nearly twice as much as prior years.
our thoughts on
How LinkedIn and a Phone Call Led to the Massive MGM Ransomware Attack
ESG BY Matt Hartman
Climate Corporate Data Act – What to Know About California SB 253
20 Pre-Contract Questions To Ask Your Next SOC 2 Audit Firm
Five Tax Considerations for Start-up Companies
School Yourself on Common Student Loan Cyber Scams

contact us

Metropolitan Washington