Data mapping

A living map of where personal data moves

Acompli gives you a visual, connected view of systems, third parties, and international transfers. The map stays current because it is fed by the same workflows you use for assessments, risk, and RoPA.

Connected flows. Reviewable changes. Evidence behind every node.

Get started Book a walkthrough

View Brochure

How it works

From scattered context to a living data map

Six stages keep your data map connected to the governance decisions and source evidence behind every published relationship.

StartPopulate the map

Bring in systems, suppliers, and processing activity

Record systems, vendors, locations, and processing activities as part of normal assessment and governance work — or import them from existing registers.

Acompli supports structured intake of supplier and system information so organisations can build connected records within a connected, governed structure. AI-assisted mapping helps interpret current layouts and propose likely matches.

Systems & Processors

Import from Excel/CSV or register as part of assessment workflows.

Locations & Transfers

Geographic context linked to systems and suppliers for transfer visibility.

Assessment Discovery

Entities identified during assessment work surfaced as draft map entries.

01Visualisation

See relationships, geography, and source evidence together

Data mapping should help teams understand processing, answer questions quickly, and trace every important relationship back to the record behind it.

Differentiate evidence-backed records from imported or manually entered items that still need closer validation. Trace any node back to the assessment, answer, or record that created it and see when it was last reviewed.

Graph View

Explore how systems, suppliers, locations, and processing activities connect visually.

Interactive · Filterable · Linked

Geographic View

Review domestic and cross-border flows by country and region for transfer governance.

Map-based · Transfer-focused

Data Lineage

Trace any node to the assessment, answer, or record that created it.

Provenance · Audit trail

Confidence Signals

Distinguish evidence-backed records from items that still need validation.

Quality · Review status

02Readiness Checks

Verify the map before it is shared

Readiness checks confirm that critical inputs are present before the map is shared more widely. Consistency analysis surfaces orphaned nodes, conflicting routes, and outdated relationships before publication.

A data map your team can explain, review, and defend.

Data Map — Readiness Report

All systems have assigned ownershipPass

Transfer mechanisms documentedPass

2 orphaned nodes without connectionsWarning

1 supplier missing location dataAction

No conflicting transfer routes detectedPass

3 records not reviewed in 6 monthsReview

03Transfer Governance

International transfers linked to the mechanism behind them

Cross-border transfers stay linked to the mechanism behind them — whether SCCs, adequacy, or another safeguard. Transfer Impact Assessments remain connected to the flows they cover.

This makes it easier to understand what changes if a vendor moves or a safeguard expires. Every route in the map carries evidence — the mechanism, the assessment, and the review that approved it.

Transfer Mechanisms

SCCs, adequacy decisions, and supplementary measures linked to each cross-border flow.

Transfer Impact Assessments

TIAs connected to the specific flows they cover, with links to supplier and location records.

Safeguard Monitoring

Track when mechanisms expire or require renewal, with visibility across dependent flows.

Principle →Every route has evidence. Every transfer has a mechanism.

04Review & Publish

Reviewable outputs, not just a picture on screen

Data map entries are not auto-published. They move through review with named users, timestamps, version history, and an audit trail behind each approved change.

Assign ownership, set review cadences, and generate outputs for audit, regulators, or internal reporting. Each part of the map has a responsible steward.

CSV

Internal analysis

Export structured data for filtering, pivoting, and internal compliance reporting.

PDF

Audit & regulatory sharing

Formatted reports for regulators, auditors, and governance committees.

JSON

Integration with other tools

Machine-readable export for feeding data into downstream systems.

Attestation

Ownership & review

Named stewards, review cadence, version history, and audit trail for every change.

05Connected Platform

Data mapping works better when it does not sit alone

Within Acompli, the map remains part of a wider privacy operating model. Approved assessment work can propose structured mapping updates instead of leaving teams to re-key the same information.

Processing records stay aligned with the wider view of systems, recipients, transfers, and operational relationships. The map stays current because it is fed by the same workflows you use for assessments, risk, and RoPA.

Living Map

Assess

RoPA

Risk

Vendors

Interrogate the map

Six practical ways to explore your data

🖥

By System

See what data each IT system processes.

📂

By Data Category

Find processing of a specific type of personal data.

⚖

By Legal Basis

Group activity by lawful basis.

⏱

By Retention Period

Spot data held beyond its stated period.

🌍

By Location

Review domestic and cross-border flows.

🏢

By Third Party

See which vendors have access to what data.

See the full picture and keep it current

Maintain a living view of flows, transfers, and dependencies with governance built in. Connected flows. Reviewable changes. Evidence behind every node.

Get started →Book a walkthrough

Frequently Asked Questions

Is data mapping only a one-time compliance exercise?

No. It stays useful when it changes with your systems, vendors, and processing activity. Acompli keeps mapping connected to the workflows that already govern that work, so updates happen as part of normal review rather than through a separate clean-up exercise.

How does data mapping support GDPR compliance?

A clear view of data flows supports Article 30 records, transfer governance, and risk-based decision-making. The goal is faster, more consistent answers backed by structured evidence that auditors and regulators can verify.

Can we import an existing data map?

Yes. Existing records can be imported into Acompli so teams do not need to start from scratch. Imported items remain reviewable, and the wider platform can keep enriching them as new assessments and records are approved.

Does data mapping replace RoPA or DPIAs?

No. Mapping, RoPA, and DPIAs serve different purposes. Acompli keeps them connected so you can move from a map to the right record, assessment, or risk entry without re-keying the same information.