Skip to content Skip to footer

Loading Results

Data discovery for GDPR

Helping you understand the data you hold, where it sits and who can access it

It has never been more important to understand where the personal data you hold sits on your network. The ICO’s (Information Commissioner’s Office) position on personal data loss is very clear: If a company holds personal data, regardless of why they were holding it or how they lost it, they will be held responsible for it. Yet because personal data is often pervasive throughout an organisation, protecting it – in practice – is difficult.

Our Data Discovery capability for GDPR helps you understand where Personally Identifiable Information (PII) exists on both your unstructured network – including file servers, laptops and desktops, and email – and structured databases. We help you quickly understand what PII data you hold, where it is, and who has access to it. 

Your sensitive data is a target

The volume of PII data held by many organisations is huge; many don’t even know what personal data they hold and what data is at risk. It’s easy to lose track of where sensitive data is held – employees’ working practices can vary and if someone leaves the organisation, critical knowledge can be lost. Our data discovery capability can also give you an understanding of the dark data that exists on your network(s). This could be of value but also contain risk if you do not know what PII it holds.

As recent cases show, individuals and organisations are willing to take advantage of companies with data vulnerabilities and do them harm. These threats won’t go away – organisations need to be one step ahead.

A PII incident can be expensive – in terms of a hit on share price, the risk of a fine from the ICO, and the cost of defending or settling any subsequent class action. Companies and their boards who fail to adequately prepare for, respond to and/or remediate a data loss event will face criticism from media, shareholders and other stakeholders. Understanding your sensitive data has never been more important.

How PwC can help

GDPR affects every organisation that processes personal data, but each organisation is different in terms of people, technology and culture. Finding and remediating GDPR risks on an electronic network begins with understanding your unique business – we will tailor our tried and tested approach to every business, allowing us to quickly and efficiently discover and analyse data, and remediate data that’s out of policy.

We use leading-edge technology and the experience of our data discovery experts to help you understand the PII data you hold. We use our sampling methodology and the expertise of our document review specialists to rapidly analyse huge volumes of data, giving you the answers you need quickly and accurately.

Our team’s expertise uses the same technology and knowhow to help you also understand where cardholder data, intellectual property and other business sensitive data exists, as well as stale and duplicate data. This approach helps to reduce the risk organisations face when working towards GDPR compliance, while also helping to optimise the cost of data hosting or litigation costs. More importantly we can help you implement these solutions into your business as a long term solution to future proof you against risk and non-compliance.

We will help you select the right technology for your needs, carrying out a vendor analysis if you need it (or suggest a preferred partner). If you have your own data discovery or data loss prevention software we will help you configure and run it on your network and devices, and work with you to plan, review and remediate the findings.

Our team is truly global, with on-the-ground expertise in all the major EU economies and further afield, and have the advantage of offering a comprehensive range of services – forensics, legal, data discovery and intelligent review – all under a single provider.

Case study - identifying personal data

  • We worked with the client's IT, InfoSec, and Information Governance teams, as well as a data discovery technology vendor, to ensure the client had considered all their requirements, current and future.
  • In parallel with the technology deployment, we designed and applied a risk-based approach to keep the discovery and remediation progressing at pace. In our first week alone we found over 30 million records of personal data within a single business unit. We helped the client configure the tool, target locations and run data discovery searches, analyse results, and devise an appropriate review and remediation methodology.
  • We developed bespoke dashboards to educate key stakeholders, helping the business units understand the findings and associated risks unique to their department.
  • We designed workflow and procedures for data profiling, review of results, data remediation and long-term storage, ensuring a seamless transition into business as usual.
  • At the point of transition across to a business as usual process, we had discovered 1.2 billion records of customer and employee personal data that was not stored in a secure manner.

How can we help you to overcome these challenges?

Contact us

Denzil Coelho

Denzil Coelho

Director, PwC United Kingdom

Tel: +44 (0)7725 706596

Follow us