OneTrust Data Mapping module helps privacy professionals to keep records of the organization’s processing activities, and understand how data flows through out the organization. Data Mapping is an essential step for fulfilling legal requirements under the GDPR and CCPA.
The current product allows users to create relationships between any two records, but it lacks the capability to capture context and details of relationships, such as the direction, specific data involved in the relationships, and purpose of the relationships, etc.
Enhancing relationships with capabilities above is one of the most voted ideas on our user ideas portal. Interestingly, most of the user needs actually overlaps with legal requirements defined by privacy laws and regulations.
Enhance Data Mapping relationships to include the direction and details, in order to help users have a better data map.
Users & Goals
After talking to subject matter experts and potential clients, we've identified that our users' roles are mainly data engineers, solution architects and data stewards. They are typically very technologically savvy, need to be able to setup connections to their companies' data sources, run scheduled scans to discover and classify data with high accuracy, and review & approve scan results to populate privacy product like data mapping and data catalog while collaborating with people like data privacy officers whom would utilize the data to demonstrate compliance.
Define Problems & Scope
In order to tackle the most important problem for our users. We narrowed down the problems we want to solve and scoped them into phases.
How might we guide users through the process of connecting to various data sources?
How might we help users to take actions on the scan results?
How might we help users to monitor the status of their scans and troubleshoot as needed?
How might we enable users to customize building blocks of data source connections such as classifiers and scan profiles?
How might we provide a flexible review process that's more efficient and fits different users' needs?
How might we use data visualization to provide insights to our users?
After going through brainstorming session and competitive research, we iterated on the critical user flows and wireframes.
Connect to Data Source
Leverage pre-built templates to create connection to on-premise and cloud data sources with a guided flow. Configure scans to run on a schedule or execute scans manually. Monitor event logs for scan's status.
Review Discovery & Classification Results
Take actions on classification results efficiently by utilizing aggregated views and flexible filters and taking bulk actions on "low-hanging fruits". Make informed decision based on the confidence score and sample data for each recommendation.
Build Customized Connections
Advanced users can build their own classifiers that detect unique data (e.g. "traveler ID" for an airline company) using pattern matching and regular expression. Additionally, users can customize specific data to detect for different data sources by creating classification profiles.
Lightweight Data Discovery Solution
We designed "vision" prototypes for a lightweight data discovery solution which is tailored towards smaller businesses and their privacy teams while maintaining the core data discovery functionalities.
Data Discovery is a relatively new market. Designing for a technical solution is an eye-opening experience to me. I was exposed to technologies including regular expression, machine learning, structured & unstructured data bases, etc. I got to work with a fantastic team of product managers, data engineers, and data scientists. The challenging part of this project was the amount of ambiguity we dealt with - researching ideas for such a technical product takes time so it requires us to stay agile - design, learn, and iterate.
Though we received some great feedback from both external clients and internal support teams, we also heard some feedback around how the product is very complex to learn and use for someone with limited technical savviness. We have identified a few areas in the application where the UX can be simplified to meet more users' needs. We are planning on doing more UX research projects to find out what's the most critical area to tackle first.