Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

A step-by-step guide to mapping Systems

By mapping your organisation's Systems and Vendors, you're laying the foundation for your future GDPR work. Here's how to add your Systems.

Publish date: March 28th 2025

In order to describe your Processing Activities, you must know what types of personal data you process and where it is stored.
That's what you establish when you map out your Systems and any relevant contents.

So, what are Systems, and how do you go about mapping them?

Your Systems are the platforms – typically IT systems, but could also be filing cabinets – you use in your daily work, and which store or process personal data. By mapping your Systems, you get a structured overview of what personal data you process, who they concern, and how they're stored – here's what you do:

1. Start by heading to System & Vendor Management

A step-by-step guide to mapping Systems ENG - Dashboard

 

From here you can see all the systems currently mapped. Alongside the information mapped to each system.

By mapping your systems and vendors you build a strong base for building your Records of Processing Activities.

2. To add a new System, choose 'New system' in the top right.

A step-by-step guide to mapping systems ENG - System overview

3. Type in the name of the system
If we have the system in our database then we will provide it as suggestion, and we'll add some known information about the system, such as vendor.

If you wish to add more Systems, press “Save & create new”.


A step-by-step guide to mapping systems ENG - Known systems

4. Open up a system to reach the detail page
From the detail page you can access add and edit information on each system.

A step-by-step guide to mapping systems ENG - System detail page

Each system contains a lot of options. Below you can find a description of what it all refers to.

Remember that most of the default options in these menus can be edited from the settings.
Or by adding options as you answer each question.

Base information

Status
Register whether this system has been fully mappe (Done) or underway (In progress) or still empty (Not started).

This is tracked on the dashboard as the percentage of systems that are Done.

Company (Only visible if you have group structure activated)
Register which companies, in a group, make use of this system in this way.

Owner & Responsible
Who internally is Owner of the system, and who is Responsible for the system.

By default there is only the Responsible field, however you can have the Owner field activated by contacting your Customer Success Manager or our support (support@wiredrelations.com)

Vendor
Who is the vendor of this system.

Where is data stored?
How is data stored within this system? Is it a cloud service, a physical cabinet, or something else?

Addition system fields

It's possible to add 5 more fields to the systems page. These are off by default, however can be added by your Customer Success Manager, or our support (support@wiredrelations.com)

System type
What type of system are we mapping. A software, a cabinet, a server, or network etc.

Criticality
How critical is this system for business operations

Data sensitivity
Does the system contain sensitive data of any type? Whether that be sensitive personal data, or confidential business information.

Identity Access Management
How is Identity Access Management done in this system?

Accessibility
How accessible is this system. Do you need a login or can anyone access it?

Description page

On this page you get the most relevant overview of information of the system.

Description
A short description of the system and it's purpose.

Labels
Use this function to label the system in different customised ways. See our article on labels best practice.

Additional information
Link to pages or websites containing information about the system

Processing activities
From here you can see how the system is connected to processing activities mapped under GDPR and Data Protection

Risk assessments
From here you can see which risk assessments have been completed about this system, their conclusions, and you can create a new risk assessment.

Personal data

Document which personal data is processed in this system, and which data subjects it relates to.

If you're unsure about this, it can be helpful to look at the functionality of the system, ask a colleague more familiar with the system, or look through the Data Processing Agreement if one exists.

Connections

Connect to other Systems if relevant, e.g. if the Systems share an integration and will share personal data.

Attachments

Attach any relevant documentation, so you can access all information from the same place. This could be a service-level agreement, deletion policies, etc.

Remember that an attachment can also be a link to an external source or system.
 

Tasks

See all tasks currently connected to this system, and create new tasks. For more details see our Walkthrough of Tasks

Conclusion

Once you've completed your System details, you go to 'Vendors' in the menu and complete the Vendor details as well.