It has never been more important to understand where the personal data you hold sits on your network. The ICO’s (Information Commissioner’s Office) position on personal data loss is very clear: If a company holds personal data, regardless of why they were holding it or how they lost it, they will be held responsible for it. Yet because personal data is often pervasive throughout an organisation, protecting it – in practice – is difficult.
Our Data Discovery capability for GDPR helps you understand where Personally Identifiable Information (PII) exists on both your unstructured network – including file servers, laptops and desktops, and email – and structured databases. We help you quickly understand what PII data you hold, where it is, and who has access to it.
The volume of PII data held by many organisations is huge; many don’t even know what personal data they hold and what data is at risk. It’s easy to lose track of where sensitive data is held – employees’ working practices can vary and if someone leaves the organisation, critical knowledge can be lost. Our data discovery capability can also give you an understanding of the dark data that exists on your network(s). This could be of value but also contain risk if you do not know what PII it holds.
As recent cases show, individuals and organisations are willing to take advantage of companies with data vulnerabilities and do them harm. These threats won’t go away – organisations need to be one step ahead.
A PII incident can be expensive – in terms of a hit on share price, the risk of a fine from the ICO, and the cost of defending or settling any subsequent class action. Companies and their boards who fail to adequately prepare for, respond to and/or remediate a data loss event will face criticism from media, shareholders and other stakeholders. Understanding your sensitive data has never been more important.
GDPR affects every organisation that processes personal data, but each organisation is different in terms of people, technology and culture. Finding and remediating GDPR risks on an electronic network begins with understanding your unique business – we will tailor our tried and tested approach to every business, allowing us to quickly and efficiently discover and analyse data, and remediate data that’s out of policy.
We use leading-edge technology and the experience of our data discovery experts to help you understand the PII data you hold. We use our sampling methodology and the expertise of our document review specialists to rapidly analyse huge volumes of data, giving you the answers you need quickly and accurately.
Our team’s expertise uses the same technology and knowhow to help you also understand where cardholder data, intellectual property and other business sensitive data exists, as well as stale and duplicate data. This approach helps to reduce the risk organisations face when working towards GDPR compliance, while also helping to optimise the cost of data hosting or litigation costs. More importantly we can help you implement these solutions into your business as a long term solution to future proof you against risk and non-compliance.
We will help you select the right technology for your needs, carrying out a vendor analysis if you need it (or suggest a preferred partner). If you have your own data discovery or data loss prevention software we will help you configure and run it on your network and devices, and work with you to plan, review and remediate the findings.
Our team is truly global, with on-the-ground expertise in all the major EU economies and further afield, and have the advantage of offering a comprehensive range of services – forensics, legal, data discovery and intelligent review – all under a single provider.