How We Work

Flowz follows the principles of the international standard on Information Risk Management – ISO 27005. This standard defines two types of primary data assets: 

– Business processes and activities = data flows or transactions

– Information = data assets or data repositories

Flows uses responsive customer-defined data gathering to map together data flows and data assets to build a picture of personal data processing, associated risks and risk-mitigating controls operating across your organisation.


Data exchanges that don’t go via the organisation but for which the organisation is a controller or a processor.


Joint controller to third party

GDPR Article 27 and 29

Permitted processor to sub-processor

GDPR article 27 and 29

GDPR article 28


Deployment models

Flowz can integrate with data discovery tools which can automate data collection:

Understanding your strategy is a vital step towards successful deployment.