A data inventory is a structured catalogue that records every data asset an organisation holds, including its physical or logical location, the designated data owner, its classification level (e.g. public, internal, confidential) and who has access to it. It typically also captures metadata such as retention periods, processing purposes and legal bases for processing under the GDPR.
Maintaining an accurate and up-to-date data inventory is essential for demonstrating accountability under frameworks like ISO 27001 and the GDPR. It enables organisations to quickly identify which systems are affected during a security incident, supports data subject rights fulfilment and provides auditors with clear evidence that data governance processes are in place.