Cover Image

OneTrust Data Mapping module helps privacy professionals to keep records of the organization’s processing activities, and understand how data flows through out the organization. Data Mapping is an essential step for fulfilling legal requirements under the GDPR and CCPA.


The current product allows users to create relationships between any two records, but it lacks the capability to capture context and details of relationships, such as the direction, specific data involved in the relationships, and purpose of the relationships, etc.

Enhancing relationships with capabilities above is one of the most voted ideas on our user ideas portal. Interestingly, most of the user needs actually overlaps with legal requirements defined by privacy laws and regulations.


Enhance Data Mapping relationships to include the direction and details, in order to help users have a better data map.

Users & Goals

After talking to subject matter experts and potential clients, we've identified that our users' roles are mainly data engineers, solution architects and data stewards. They are typically very technologically savvy, need to be able to setup connections to their companies' data sources, run scheduled scans to discover and classify data with high accuracy, and review & approve scan results to populate privacy product like data mapping and data catalog while collaborating with people like data privacy officers whom would utilize the data to demonstrate compliance. 

Senior Solutions Architect.png
Define Problems & Scope

In order to tackle the most important problem for our users. We narrowed down the problems we want to solve and scoped them into phases. 

Phase 1

  • How might we guide users through the process of connecting to various data sources?

  • How might we help users to take actions on the scan results?

  • How might we help users to monitor the status of their scans and troubleshoot as needed?

Phase 2

  • How might we enable users to customize building blocks of data source connections such as classifiers and scan profiles?

  • How might we provide a flexible review process that's more efficient and fits different users' needs?

  • How might we use data visualization to provide insights to our users?


After going through brainstorming session and competitive research, we iterated on the critical user flows and wireframes.

Flow Sketch .png
Wire - File Tagging.png
Connect to Data Source

Leverage pre-built templates to create connection to on-premise and cloud data sources with a guided flow. Configure scans to run on a schedule or execute scans manually. Monitor event logs for scan's status.  

Feature Image - Connect to Data Source.png
Review Discovery & Classification Results

Take actions on classification results efficiently by utilizing aggregated views and flexible filters and taking bulk actions on "low-hanging fruits". Make informed decision based on the confidence score and sample data for each recommendation.

Feature Image - Review Scan Results.png
Build Customized Connections

Advanced users can build their own classifiers that detect unique data (e.g. "traveler ID" for an airline company) using pattern matching and regular expression. Additionally, users can customize specific data to detect for different data sources by creating classification profiles.

Feature Image - Discovery Pattern.png
Feature Image - Classification Profile.png
Lightweight Data Discovery Solution

We designed "vision" prototypes for a lightweight data discovery solution which is tailored towards smaller businesses and their privacy teams while maintaining the core data discovery functionalities.

Feature Image - DDPro 1.png
Feature Image - DDPro 2.png

Data Discovery is a relatively new market. Designing for a technical solution is an eye-opening experience to me. I was exposed to technologies including regular expression, machine learning, structured & unstructured data bases, etc. I got to work with a fantastic team of product managers, data engineers, and data scientists. The challenging part of this project was the amount of ambiguity we dealt with - researching ideas for such a technical product takes time so it requires us to stay agile - design, learn, and iterate. 

Next Steps

Though we received some great feedback from both external clients and internal support teams, we also heard some feedback around how the product is very complex to learn and use for someone with limited technical savviness. We have identified a few areas in the application where the UX can be simplified to meet more users' needs. We are planning on doing more UX research projects to find out what's the most critical area to tackle first.