When I was working as a GDPR consultant, part of the requirements of the legislation was to understand the data flow as it passes through the organization (https://it-ebs.co.uk/news/gdpr-map/). This allowed us to spot any cyber security risks that may occur at any stage from collection to archiving. In those days I had my own office, so I plastered the wall in newsprint and drew all the departments in one color with the data flow in a separate color as it passed through each section. Staff would drop by and add their opinion, and the usual response was “Oh, I didn’t know that’s what happens with the information”. People get siloed in their own section and loose sight of the bigger picture of the overall process. This exercise allowed everyone to gain a greater appreciation of what everyone does and actually assisted communication across the organization. After that project was completed, they kept it on the wall, and it is still used for induction sessions for new staff (https://it-ebs.co.uk/news/gdpr-data-map-where-to-begin-developing-a-visual-aid-to-help-understand-workflow/).
This tool is a digitized version of that original wall chart and is designed not only for purposes of data security but also to understand how information is used and transformed on its lifecycle (https://it-ebs.co.uk/news/data-workflow/). First you define each department, with its relative function, then fill in all their dependences and process before it moves along the chain. This is not only useful to determine the path but also how the essence of the data changes its nature along the way.
The organisation I worked for was involved with debt collection. Some of the clients were power companies so this could involve thousands of individuals. The file was originally sent by clients via an online portal and would contain name, addresses, amount owing and what it was for. This was extracted by the IT department and sent for processing which would then mail merge the information and sent out to the creditor. The responses were monitored and then divided into paid, unpaid and contested. Contested where then to be negotiated, unpaid to legal and some even went to court for collection. The results would be relayed to the client, the file updated before the next debt cycle were due. This would be to prevent the duplication of demand letters from being sent out for issues that had been dealt with. This is a simple example of one piece of information that can mutate in different ways according to the context and input there are along its journey.
This not only defines data handling but also provides a snapshot of how your organisation actually functions and works together. It also highlights gaps in the communication trail and what can be done to smooth out the process. You never know. It might prove useful for induction sessions.