Classification and audit
A first step towards achieving GDPR compliance and mitigating the risk of a potential data breach is to conduct a data protection audit.
The GDPR requires you to document where you’re storing the personal data of EU citizens. For our discussion, “where” refers to both a geographic location as well as what kind of mechanism you’re using to store it—whether that’s in emails, documents, databases, backups, email lists, etc.
Recent research has indicated that over half of data breaches are the fault of company insiders. Therefore, to mitigate the risk of a data breach and better comply with the GDPR it is crucial that you can answer with confidence the following questions:
- Where is personal and sensitive data stored in your organisation?
- Who has access to it?
- Should you be retaining it?
In truth most organisations, find it extremely difficult to answer these questions with any degree of certainty. The sheer scale of unstructured data held within the modern organisation which incidentally is growing (according to IDC research) by 61% per annum can make answering these questions difficult, if not impossible.
How Infoboss helps
Infoboss collects data from any digital data source – structured and unstructured. As it does so, it applies rules that you define to identify and tag data of interest enabling a comprehensive searchable, data catalog to be built. It can be used to:
- Identify where you are storing personal and sensitive data;
- How you protect the data (and importantly who has access to it);
- How long you have been keeping the data (is it within your data retention policy guidelines);
- Whether your data processing consent policy is being applied;
- Whether ‘right to be forgotten’ requests are being respected;
- To easily find data to service a data subject or freedom of information request;
- Understand the relevance and value of your unstructured data; and
- Identify non-compliant, poor quality or problematic data entering the data estate and take action in a timely manner.
“We used the results of the audit to inform our data minimisation activities ahead of a significant data migration project.”