
How to use SaaS solutions to identify sensitive data

Ensuring your organisation is ready for the GDPR

Louise Ozier

29/08/2017


This article looks specifically at how we use software as a service (SaaS) to enable your organisation to become ready for the GDPR quickly and easily, without interruption to your end users.

The first step in getting ready for the GDPR is to know what data your organisation holds. At the time of writing, the new legislation is only 268 days away, and the four main questions you need to be able to answer to ensure your organisation is ready are:

  • What data does your organisation hold?
  • Where is the data kept?
  • Why do you need to use or keep the data?
  • Do you have consent to use the data?

What is defined as sensitive data under the GDPR?

In terms of the GDPR, sensitive data is defined as personal data, but the definition goes further than the Data Protection Act and includes online identifiers such as an IP address. The GDPR applies to both automated personal data and manual filing systems. You can be held responsible for breaching the GDPR by allowing personal data to be compromised through either:

  • Misuse - using data for purposes other than those defined and for which consent was given and recorded; or
  • Data breaches - even if the breach was a malicious act (hacking), if you can't prove you had adequate data security measures and processes.

Will my company have GDPR sensitive data?

Data that can identify any individual, such as a name, National Insurance number, passport, IP address or even biometric data, falls under the remit of the GDPR as soon as it is recorded in any system: in a file, a database record, or even on paper. As every organisation has staff records, every company will be affected by the GDPR to some extent.

However, the more individuals you deal with, and the longer you hold that data, the more prone you are to breaches of the legislation. Companies that perform data processing, even on behalf of other companies, and particularly those that use personal data records for multiple purposes (for example re-marketing), are most exposed to the GDPR.

Examples of who will be most affected:

  • Retailers - High street shops and online retailers storing customer profiles
  • Health sector - Hospitals, doctors’ surgeries, scientific research organisations and pharmaceutical companies, with patient records
  • Education sector - Schools, colleges and universities, storing current and past student records
  • Financial sector - Banks, mortgage and insurance providers, with customer accounts
  • Recruitment companies - candidate records
  • Charity organisations - records of donors and recipients
  • Estate agents - vendor and client records
  • Legal profession - Solicitors, CPS and courts, with client records

How to identify data and ensure all your data is GDPR compliant?

There is an easy and quick way to find out what data you hold. You will be relieved to know that we work alongside companies that are currently releasing SaaS solutions designed purely to scan, discover and analyse your data, to ensure you only hold data that is GDPR compliant.

Our partners have solutions that use metadata to scan and analyse data, which has enabled the migration of data to SharePoint for some time. It’s this technology that has enabled these new solutions to be created specifically for identifying what data you have and whether it is GDPR compliant. Using NPL (Natural programming language) terms such as “name”, “address” or “credit card number”, this process can be done in days, not months, and can easily identify documents in unstructured databases, file shares and SharePoint.

The discovery phase of the SaaS tool is an important part of the new solutions, as they are designed around common datatypes that can be tagged easily, e.g. names, addresses, age of document, author of document, credit card numbers, postcodes and IP addresses. The solution we use comes with predetermined taxonomies, which can be edited easily to reflect the sector that your organisation works within. Dashboards with detailed data analysis then identify the data that will not be compliant with the GDPR. Additional columns appear alongside your files with a “true” or “false” label showing whether the files are compliant with the GDPR. Our team of consultants is experienced in using this technology and can advise you depending on your specific IT infrastructure.
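The datatype tagging described above can be sketched in a few lines. This is an added example, not code from Fuse or from any vendor's product: the taxonomy structure, tag names, function names and sample documents are assumptions constructed for illustration. It covers only pattern-matchable types (card numbers, IP addresses, UK postcodes, National Insurance numbers), and its per-file flag means "contains tagged data, needs review" rather than a compliance verdict.

```python
import ipaddress
import re

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs (order refs, phone numbers) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", candidate))):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_ip(candidate: str) -> bool:
    """Rejects dotted quads with out-of-range octets such as 999.1.1.1."""
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False

# Hypothetical, editable taxonomy: tag -> (pattern, validator or None).
TAXONOMY = {
    "credit_card": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    "ip_address": (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), is_ip),
    "uk_postcode": (re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b"), None),
    "ni_number": (re.compile(r"\b[A-Z]{2} ?\d{2} ?\d{2} ?\d{2} ?[A-D]\b"), None),
}

def tag_document(text: str) -> list:
    """Return the sorted taxonomy tags that have at least one validated match in text."""
    tags = []
    for tag, (pattern, validator) in TAXONOMY.items():
        if any(validator is None or validator(m.group()) for m in pattern.finditer(text)):
            tags.append(tag)
    return sorted(tags)

def scan(documents: dict) -> dict:
    """Per-file tags plus a true/false review flag, like the extra column described above."""
    tagged = {name: tag_document(body) for name, body in documents.items()}
    return {name: {"tags": t, "needs_review": bool(t)} for name, t in tagged.items()}

# Constructed sample documents (not real data).
SAMPLES = {
    "hr_record.txt": "Jane Doe, NI number QQ 12 34 56 C, home postcode AB1 2CD.",
    "web_log.txt": "Login from 192.168.10.25 paid with card 4111 1111 1111 1111",
    "order.txt": "Order ref 1234 5678 9012 3456, build 999.1.1.1 shipped.",
    "newsletter.txt": "Our summer opening hours are 9am to 5pm.",
}
print(scan(SAMPLES))
```

The validators are what keep `order.txt` from being flagged: its 16-digit reference fails the Luhn check and its dotted version string is not a valid address. Names and free-text addresses need a different technique from regular expressions.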


Hype around the GDPR

There is a lot of hype around the new GDPR coming out in May, and it appears to be fairly negative. Instead of viewing it as a tiresome challenge that your organisation must overcome, I would advise viewing it as an excellent opportunity to gain a competitive edge within the market. Whatever your opinion is (and I doubt there are many companies that relish the additional resources that will be needed to comply), from a customer’s perspective it must be a good thing. Trust in any business relationship is one of the fundamental reasons why you have a successful company. In an age where we frequently see headlines describing yet another data breach, damage to a business’s brand and reputation is an expensive result of avoiding being compliant with the new regulations.


What to do right now! 

The key decision makers in your organisation need to be made aware of the GDPR. They need to know that the first thing they need to do is to find out what data their organisation holds. This is where we come in.

Although GDPR isn’t an IT issue, as it will ultimately fall to whoever is currently responsible for your data protection (e.g. Compliance Managers, Data Protection Officers, Data Controllers and Office Managers), the team at Fuse will be able to provide a technical solution for determining what data is held.

Before any amendments can be made to existing internal procedures, policies or customer-facing documentation such as websites and application forms, they must know what is relevant to the GDPR. It may be the case that a lot of the data you hold is ROT and this can simply be deleted. If you have a completely unstructured filing system and want to take the opportunity to improve the efficiency of your business, we don't just offer technical expertise; we are experienced in developing proofs of concept and functional and technical specifications. We can then either take responsibility for delivering the project or work alongside your IT departments, providing a technical lead.

It doesn’t matter whether you have an in-house IT department or not, as we can work alongside existing IT managers, Compliance or HR managers. An IT consultancy needs to be your first port of call, as they can advise you on the best SaaS solution for your business depending on the size of your business and your budget. Having expert knowledge of your IT infrastructure and how it works is important to ensure that the right solutions are used. The benefit of using SaaS is that your end users are not interrupted and your IT departments are not impacted either.

You need to weigh up the cost of using an IT consultancy that can implement the right tools against the extra resources it will take to trawl through and analyse your data manually. This can seem daunting, but it’s a great opportunity to get your data in order and have confidence that your organisation can be proud of its commitment to protecting the data of its employees, customers and suppliers.

If you want further advice or a quote on how we can help you get ready for the GDPR, call Fuse today on 01604 797979 or contact us.

