You've already considered the scope of the process step you are looking at via it's verb/noun name, and at the inputs and outputs of the process step.
You now want to consider the data and constraints that affect or are required for this process step to operate properly.
For example, if the process step is to capture a customers user-name and password you need to identify that the data elements include both the customers' username and password. Furthermore there may be constraints; the username and password may have to comply with a security policy that requires both alpha and numeric characters in the password.
Data and constraints apply both to automated and manual processes.
Neither data nor constraints are actually part of the process and so typically would not be included in a process diagram, but they are relevant and useful and as such as useful to capture. Grabbing them while in a workshop with the experts saves time and revisiting them later.
Constraints are often driven by external stakeholders to the project or product team, and it's important to know who they are early and what these constraints may be. Common examples I have dealt with include ones internal to the organisation such as corporate security policies and banding, and external constraints include things such as government regulation and legislation around privacy and opt-in/out direct marketing laws. Naturally there are plenty of others.
Data can include specific artefacts such as the name and password examples above, but can also include complex and sophisticated things such as business rules and policies. Most data is typically not changing during the transformation caused by the process.
Some data does change, and if something is changing it would be the noun subject of the process step. So if you are changing a password the process step may read "Change password" and naturally the active password will change. Data that should still be captured includes the old password, the time of the change and the new password, not to mention the business rules around password maintenance.