How often do I need to complete a GDPR data audit?
There is no definitive answer to this question, but there is a preferred approach. Rather than treating data audits and data mapping as something done monthly, quarterly or annually, companies should conduct data audits on a routine basis.
A good comparison for an effective data audit system is the way a grocery store records inventory of its products. An organization is obligated to maintain a regular inventory of the data it collects and stores at any given moment, because data stores change with processing, much as grocery store inventory changes with restocks and purchases.
However, conducting formal, time-bound reviews of the data audits and data processing at regular intervals is recommended. It is important to underscore, though, that organizations have an obligation under GDPR rules to understand the data they are collecting and storing at any given moment. Beyond tracking this data for its own sake, they must maintain this inventory to comply with DSARs that may come in at any given time.