提供数据流映射模板,确保数据隐私合规与安全。
以下为“集团A”数据流映射模板,用于系统性记录与审计个人数据在组织内外的流动、处理活动及合规控制。模板结构对齐GDPR(含Art. 30、Art. 35、Art. 44–49、Art. 22)与CCPA/CPRA的核心要求,并可扩展至其他司法辖区。 使用说明(简要) - 为每条数据流创建一份记录,并分配唯一标识。数据流指从收集到使用、共享、存储、删除的端到端路径。 - 与业务、法务、信息安全、数据工程共同填报,确保技术细节与合规依据一致。 - 所有字段尽量量化与可验证(链接证据、系统ID、协议名称、法条引用)。 - 该模板可作为GDPR Art. 30处理活动记录(ROPA)的支撑材料;跨境传输与风险评估应关联DPIA与传输影响评估(TIA)。 模板字段 0. 文档元信息 - 数据流唯一ID: - 版本/状态(草稿/生效): - 创建日期/最后更新日期: - 业务单元/部门(集团A-具体实体): - 文档所有人(姓名/职务/邮箱): - 审核人(隐私/法务/信息安全): - 适用地区与法规(EU-GDPR、UK-GDPR、US-CA CCPA/CPRA、其他): - 关联记录:ROPA条目ID;DPIA编号;TIA编号;合同/DPA编号: 1. 流程概览 - 流程名称(简短且可识别): - 流程描述(目的与范围,包含端到端步骤): - 触发事件(用户行为、系统任务、批处理等): - 运行频率与数据量级(每日/每周;记录数、数据字段数): - 生命周期阶段(收集/使用/共享/存储/归档/删除): 2. 角色与责任 - 控制者(Controller,集团A具体法律实体): - 共同控制者(如适用,含联合安排概要): - 处理者/服务提供商(名称、地理位置): - 分处理者(名单、用途、合同链): - 数据保护官(DPO)/隐私负责人: - 业务所有人与技术所有人(系统/流程责任人): 3. 处理目的与合法性依据 - 处理目的(与最小化原则一致的具体业务目的): - GDPR合法性依据(Art. 6:同意/合同/合法利益/法律义务/公共任务/生命攸关): - 合法利益评估(LIA)链接(如选用合法利益): - 特殊类别数据(Art. 9,如健康、生物识别)及处理依据: - 儿童数据处理说明(年龄门槛、同意机制): - 自动化决策/画像(Art. 22)说明与保障措施: 4. 数据主体与数据类别 - 数据主体类别(客户/潜在客户/员工/候选人/供应商等): - 个人数据类别(标识符、联系方式、交易记录、设备标识、位置、财务等): - 敏感个人信息(CPRA定义:精确地理位置、身份证件号、财务账号、健康、种族/宗教、性取向等): - 数据来源(直接收集/第三方/公开来源),来源清单与合同约束: - 收集渠道(网站、App、门店、客服、API、物联网设备等): 5. 技术数据流与系统清单 - 上游采集点/接口(系统名、API/表/队列、版本): - 传输路径(内部/外部;协议:HTTPS/TLS、SFTP、MQ等;加密措施): - 存储位置(数据库/数据湖/文件系统;云服务与区域/数据中心地址): - 处理活动步骤(清洗、匹配、分析、报表、共享),含作业名称与顺序: - 下游输出/共享对象(内部系统、外部合作方、公共披露情况): - 第三方共享明细(名称、目的、数据字段最小化、法律依据、DPA状态): - 备份与灾备(位置、周期、加密、还原测试频率): - 日志与审计轨迹(记录位置、保留期限、可追溯性): 6. 跨境数据传输 - 传输目的地国家/地区(含云区域): - 传输机制(EU SCCs、UK IDTA/UK Addendum、BCR、Adequacy、EU-US DPF、Art. 49例外等): - 传输影响评估(TIA)状态与关键结论: - 额外保障措施(加密、访问限制、分段存储、假名化): - 接收方类别与合同控制(服务提供商/共同控制者,关键条款): 7. CCPA/CPRA合规要点(如适用) - 是否涉及“出售”或“共享”(跨情境行为广告等),依据与评估: - 敏感个人信息的使用与限制(“Limit the Use”权利执行路径): - Notice at Collection链接与披露要素(目的、数据类别、保留期限): - 消费者权利(访问、删除、纠正、选择退出“出售/共享”),流程与时限(45天,可延长至90天): - GPC(Global Privacy Control)信号识别与处理方式: - 服务提供商/承包商合同状态与禁止次级使用条款: 8. 安全控制与隐私保障 - 访问控制(RBAC/ABAC,最小权限,审批与定期复核): - 加密(静态与传输;算法与密钥管理/HSM;密钥轮换周期): - 假名化/匿名化(技术方法、再识别风险评估): - 数据丢失防护(DLP策略、监控覆盖): - 安全监控与告警(SIEM、阈值、响应流程): - 安全测试(渗透测试、代码审计、漏洞管理): - 隐私增强技术(差分隐私、安全多方计算等,若适用): - 认证与标准(ISO/IEC 27001、SOC 2等): 9. 数据保留与删除 - 保留期限(按数据类别分列,法律/合约/业务依据): - 归档策略(冷/热数据、访问限制): - 删除与去标识流程(触发条件、工具、证明/删除证书): - 备份/日志的删除与不可恢复性控制: 10. 数据主体请求(DSR)与偏好管理 - 请求入口(URL/邮箱/电话),可用性与语言: - 身份验证流程(风险分级与证据要求): - 请求处理流程(定位数据、提取/删除/纠正、响应模板): - 时限要求(GDPR:1个月可延长;CCPA:45天可延长): - 同意管理与撤回(记录位置、时间戳、范围): - 选择退出机制(Do Not Sell/Share链接、Cookie偏好中心): 11. 事件与违规管理 - 事件检测与分级(隐私事件 vs 安全事件): - 通知要求与时限(GDPR:向监管机构72小时;对数据主体的条件性通知;CCPA/州法的通知规则参考具体州): - 处置流程(遏制、调查、根因分析、补救): - 事后审计与改进计划: 12. 文档与证据 - 政策与程序(隐私政策、Cookie政策、访问控制政策、数据保留政策等)链接: - 供应商尽职调查与评估报告: - 培训记录(角色覆盖与频次): - 最近审计/评审摘要与整改状态: - 变更管理记录(版本对比、影响评估): 13. 批准与生效 - 审批人(姓名/职务/日期): - 生效日期与下次复审日期(建议≤12个月): - 备注(例外批准、临时控制、待办事项): 附录(可选) - 数据字典与字段清单(字段名、类型、敏感级别、用途): - 系统接口与数据流图引用(架构图/序列图文件路径): - 风险与控制矩阵(风险编号、描述、固有风险、控制措施、剩余风险评级): - 术语表(控制者/处理者/分处理者/出售/共享/敏感个人信息等定义与来源法条): 填报建议 - 使用统一命名与ID体系,确保系统、接口、数据集的可追溯性。 - 对跨境传输与画像/自动化决策单独开展DPIA并链接到本记录。 - 每次系统变更、新增第三方或目的扩展时触发复审与版本更新。 - 保留可审计证据(合同、评估、日志、测试报告)以满足监管与内部审计要求。
Template: Data Flow Mapping for Compliance Contract Library B Purpose - Provide a standardized record of processing and data flow mapping for all activities related to “Contract Library B,” aligned to GDPR Article 30 (ROPA), GDPR Articles 5, 6, 9, 28, 32, 35, and CPRA (CCPA as amended) requirements including sale/share assessment, sensitive personal information handling, retention, and data subject rights. - Enable DPIA/TRA screening, cross-border transfer compliance, and processor oversight. Instructions - Complete one entry per distinct data flow (source → processing → storage → disclosure/transfer) associated with Contract Library B (e.g., ingestion of contracts, metadata extraction, analytics, search, sharing with vendors). - Use controlled vocabularies where indicated; attach supporting artifacts (DPA, SCCs, TIAs, retention policy, security controls) where relevant. - Maintain versioning and approval history. Section 1: Record Metadata - Flow ID: - Flow Name: - Version / Date: - Owner (Role/Name): - Business Unit: - Product/Service Context: - Linked Contract(s) (IDs, title, counterparty): - Related Processing Agreement(s) (DPA, SCC/IDTA, BCR ref): - Status (planned, live, retired): Section 2: Purpose and Legal Basis - Processing Purpose(s) (select/describe; e.g., contract lifecycle management, search/indexing, compliance reporting, analytics, eDiscovery, audit): - Lawful Basis (GDPR Article 6) per purpose: - Contract performance - Legal obligation - Legitimate interests (include LIA reference and summary) - Consent (attach consent mechanism; scope; withdrawal method) - Vital interests / Public task (if applicable) - Special Categories Processing (GDPR Article 9): yes/no; category; exemption relied upon (explicit consent, employment/social protection law, legal claims, etc.) - Automated Decision-Making/Profiling (GDPR Article 22): yes/no; description; safeguards. Section 3: Data Subjects and Data Categories - Data Subject Types: - Employees - Contractors - Customers/clients - Counterparties’ personnel - Vendors/subprocessors - Website/app users - Children (note age and jurisdictional threshold: 13 US/16 EU default) - Personal Data Categories (GDPR): - Identifiers (name, email, phone) - Government IDs (SSN, passport, driver’s license) - Employment details (title, compensation) - Contract content containing personal data - Financial/payment data - Location data - Online identifiers (IP address, device ID) - Communications (email content, call recordings) - Biometric/genetic (for identification) - Health data - Inferences - Sensitive Personal Information (CPRA): - Precise geolocation - Government IDs - Financial account with credentials - Racial/ethnic origin - Religious/philosophical beliefs - Union membership - Genetic/biometric data - Health data - Sex life/sexual orientation - Contents of mail/email/messages (not directed to business) - Data Elements (list specific fields extracted/processed; link to data dictionary). Section 4: Collection and Sources - Collection Method(s) (upload, API, email ingestion, OCR, web form, SSO sync): - Source Systems/Repositories: - Collection Points (jurisdictions): - Notice at Collection reference(s) (CCPA/CPRA; link to notice; version/date): - Consent/Opt-in mechanism (if applicable): - GPC (Global Privacy Control) and Do Not Sell/Share signal handling (yes/no; method). Section 5: Processing Activities and Systems - Processing Steps (sequence; e.g., ingest → normalize → index → classify → analyze → report): - Systems/Applications (names; owner; environment: prod/dev/test): - Data Storage Locations (logical and physical; cloud region): - Data Formats (text, PDF, metadata, embeddings): - Data Flow Diagram reference (link or file ID): - Frequency and Volume (batch/real-time; records/day; peak throughput). Section 6: Disclosures, Recipients, and Third Parties - Internal Recipients (teams/roles; access controls): - External Recipients: - Service providers/contractors (list; role; services) - Subprocessors (if processor role) - Auditors/regulators (legal obligation) - CCPA/CPRA Classification per recipient: - Service provider/contractor (contract terms limit use; no sale/share) - Third party (potential sale/share) - Sale or Share Assessment (CPRA): - Sale (valuable consideration): yes/no; rationale - Share (cross-context behavioral advertising): yes/no; rationale - Opt-out mechanism and preference enforcement (including GPC): method; tested date - Contractual Controls: - DPA status (executed date) - CPRA-compliant terms (prohibitions on combining data, subcontractor flow-down, assistance with rights) - SCC/IDTA module(s) used; annexes referencing Library B data - Security addendum and audit rights - International Transfers: - Destination country(ies) - Transfer Mechanism (Adequacy; SCC Module 2/3; IDTA; BCR) - Transfer Impact Assessment reference and outcome - Supplementary measures (encryption, split processing, access controls). Section 7: Security Measures (GDPR Article 32; CPRA) - Access Control (RBAC/ABAC; least privilege; admin segregation): - Authentication (SSO, MFA): - Encryption (in transit: TLS version; at rest: algorithm/key management): - Data Minimization/Pseudonymization: - Logging/Monitoring (security logs; DLP; anomaly detection): - Vulnerability Management (patch cadence; code scanning): - Backup/Restore (RPO/RTO; tested date): - Secure Development (SDLC; privacy by design checkpoints): - Vendor Security Assurance (SIG/CAIQ; audit report references): - Breach Detection and Response (playbook link; 72-hour GDPR notification readiness; contractual notification SLAs). Section 8: Retention and Deletion - Retention Schedule (by data category/purpose; statutory references): - Triggers (contract expiry, project end, legal hold release): - Deletion Method (cryptographic erasure, secure wipe): - Archival Controls (immutable storage; access restrictions): - CPRA Retention Disclosure alignment (public notice consistency check): - Backup Data Deletion/Rotation policy. Section 9: Data Subject Rights and Requests - Applicable Rights (GDPR: access, rectification, erasure, restriction, portability, objection; CPRA: access, deletion, correction, opt-out of sale/share, limit use of sensitive PI): - Request Intake Channels (portal, email, phone): - Identity Verification process: - Fulfillment Workflow (systems queried; data mapping references): - Timelines (GDPR 1 month; CPRA ~45 days; extension criteria): - Exceptions (legal holds, trade secrets, security exemptions): - Recordkeeping (logs; metrics). Section 10: DPIA/TRA Screening and Risk - DPIA Trigger Assessment (scale, sensitive data, vulnerable subjects, systematic monitoring, automated decisions, new tech): - Risk Summary (confidentiality, integrity, availability, re-identification, transfer risk): - Mitigations Implemented: - Residual Risk Rating (low/medium/high) and approval: - DPIA Reference (link; date; approver). Section 11: Roles and Accountability - Controller vs Processor Role (per flow; per jurisdiction): - Joint Controller arrangements (if any; agreement reference): - DPO/Privacy Lead (name/contact): - Security Owner: - Business Owner: - Vendor Manager (if applicable). Section 12: Compliance Checks - GDPR Article 30 ROPA completeness (yes/no): - Article 28 processor terms verified (yes/no): - Article 5 principles alignment (purpose limitation, minimization, accuracy, storage limitation, integrity/confidentiality, accountability): - CPRA Service Provider/Contractor term audit (yes/no; date): - Notice and Consent alignment check (yes/no): - Cross-border transfer compliance verified (yes/no; date): - Training completed by users with access (yes/no; date): - Testing of opt-out/limit SPI controls (yes/no; date). Section 13: Approvals and Review - Legal/Privacy Review (name/date): - Security Review (name/date): - Business Approval (name/date): - Next Review Due (date): - Change Log (summary of changes; version history). Appendix A: Controlled Vocabularies (use in fields above) - Lawful Basis: contract, legal obligation, legitimate interests, consent, vital interests, public task. - CPRA Recipient Type: service provider, contractor, third party. - CPRA Sale/Share Status: not sold/shared; sold; shared; unknown (investigation). - Transfer Mechanism: adequacy, SCC Module 2, SCC Module 3, IDTA, BCR. - Risk Rating: low, medium, high. Notes for Contract Library B Context - Explicitly identify whether contract documents themselves contain personal data of counterparties or employees; treat contract content as a data source and apply minimization (e.g., redact unnecessary personal fields). - If using AI/NLP for contract analysis, document model inputs/outputs, training data sources, data isolation, and any vendor involvement. Confirm no use for cross-context behavioral advertising; assess for profiling risks. - Ensure service provider/contractor agreements include CPRA-compliant restrictions: use only for specified business purposes, no sale/share, assistance with consumer requests, GPC honoring, subcontractor flow-down, and audit rights. - Align retention with statutory requirements for contracts while segregating and separately applying shorter retention for extracted personal data where feasible. Deliverable Format - Recommended format: machine-readable (JSON or CSV) plus human-readable register (document). Maintain references to artifacts (DPA, SCCs, DPIA) and diagrams in a shared repository with access controls. This template is suitable for building a comprehensive data flow register for “Contract Library B,” supporting regulatory record-keeping, risk assessment, and operational compliance.
快速绘制组织级数据流,生成处理活动记录、隐私影响评估草案与跨境传输清单,完善合规档案,支撑监管问询与年度计划。
为合同与数据处理附加协议准备共享清单、留存政策与告知模板;并购或合作前完成隐私尽调,输出可执行整改建议。
将系统与数据处理活动映射,明确加密、访问与日志要求;为新系统上线提供最小化与安全控制建议,降低落地偏差。
新功能上线前梳理字段收集、第三方组件与用户同意流程;快速产出对外合规说明与常见问题,缩短审批周期。
建立统一的数据资产与处理清单,固化处理目的与留存规则;监控高风险处理与传输路径变化,推动持续优化。
复用模板进行抽样审查,生成问题清单与整改跟踪记录;显著压缩访谈与取证时间,提高审计覆盖率。
为不同行业客户定制多语言数据流图与合规材料,统一交付标准,提升项目复用与交付效率。
评估海外处理与回传流程,生成传输保障建议与供应商清单,快速回应客户审查与合作方问询。
让 AI 以资深隐私顾问的身份,按需生成用于“特定组织或系统”的数据流映射模板,帮助团队在合规审查、隐私影响评估、供应商尽调、跨境数据传输申报等关键场景中快速完成标准化文档;提升跨部门协作效率,降低罚款与合规风险,支持多语言输出与统一的专业写作风格,从而将准备时间从数周缩短到数小时,促进试用与付费转化。
将模板生成的提示词复制粘贴到您常用的 Chat 应用(如 ChatGPT、Claude 等),即可直接对话使用,无需额外开发。适合个人快速体验和轻量使用场景。
把提示词模板转化为 API,您的程序可任意修改模板参数,通过接口直接调用,轻松实现自动化与批量处理。适合开发者集成与业务系统嵌入。
在 MCP client 中配置对应的 server 地址,让您的 AI 应用自动调用提示词模板。适合高级用户和团队协作,让提示词在不同 AI 工具间无缝衔接。
免费获取高级提示词-优惠即将到期
