Data Subject Access Solutions

Process SARs in minutes, not days

The Exonar platform provides automated, intuitive and rapid processing of subject access requests (SARs), substantially reducing costs and decreasing disruption to your organisation.

After 25th May 2018, when the EU’s General Data Protection Regulation (GDPR) came into force, organisations can no longer charge for producing SARs. This means you should prepare for a significant increase in the number of requests your organisation handles. In our recent survey 57% of individuals said they would want to request their data as there is now no cost.

SARs can be over 800 Pages Long. Where do we start?

Subject access requests can cross many business units, departments, systems, processes and people. Often the only way to deal with them has been to email line management and request printed copies of the information requested, coralling that information then sending it to the customer via courier.

There’s an easier way. Use Technology

Connect to all of the sources of your customer data; emails, databases, word documents and spreadsheets, in your fileshares or in the cloud. Build an index of all of that information so that you can search it, instantly. Use machine learning to help guide you to all of the right and less of the wrong information. Manage your SARs online and track them as they progress.

Doctor! Doctor! I have a SAR – How Long is the Waiting List?

A First-Hand Account of the Problematic Role of SARs Processing
It’s widely known that resources within the NHS are stretched. So what happens when an institution that is already buckling under the pressure receives a consistently large volume of SARs with tight delivery deadlines?
Read More

The Exonar platform continuously indexes all of your organisation’s data, meaning producing a subject access request is simple, quick and efficient:

Process, redact and produce SARs directly from the Exonar platform, without needing to scan or photocopy information
SAR dashboard shows you where you are with cases, and who you’re waiting on
Create simple templates to enable untrained users to find information relating to an individual
Review documents without needing to access the originals
Use machine learning to identify and redact personal and commercial information

CIO Solutions

Harness your data – unlock your assets

Gartner’s 2018 CIO Survey (above) plainly reveals that the job of the CIO is changing. As digitalisation
and innovation put more emphasis on the information rather than the technology in “IT,” the CIO’s role is transforming from delivery executive to business executive. They must now control costs and re- engineer processes to drive revenue and exploit data.

So, how does a CIO transform their organisation to help drive revenue and the exploitation of data whilst controlling costs and facilitating these business objectives?

According to The Economist ‘the world’s most valuable resource is no longer oil, but data’. Therefore, the Chief Information Officer should be an organisation’s most valuable asset. However, many are struggling to operate at their full potential. Time and again, strategies are defined and goals are set but the fundamental data question remains –

“I don’t even understand what data I’ve got. Where do I start so I can begin using it?”

By answering this seemingly simple yet complex question, CIO’s are able to advance the objectives of their business, transforming the model whilst supporting the digital agenda.

Often seen as a risk, we want to demonstrate that rather than being something to be concerned about, data can be controlled and turned into an asset.

The Issues With Today’s Solutions

If ‘data is the new oil’, then the ability to use the information we hold about our customers and businesses appropriately and in context is the key to digital transformation and organisational success. In this new world, the ability to remove friction from the customer journey whilst efficiently ensuring the safety and security of the data becomes paramount.

If we assume that to harness and control data we first need to know what we have, we can see that there are a number of approaches currently being deployed to establish a foundation:

  • Clipboard exercises interviewing line management to ascertain where the organisation thinks its data should be and what the data flows should look like. Time intensive, often requiring external consultants and delivering an espoused view as opposed to reality often facets this approach.
  • Tackling structured data with a barrage of queries often yields results but precludes all of the unstructured data both within those structured sources (like CRM systems) and the ‘Wild West’ of shared drives, email platforms, cloud storage systems and ‘servers under a desk in Stoke’.
  • eDiscovery systems can be deployed to try and forensically assess what data is out there. Expensive, restricted and with an inability to respond quickly, these systems only get a partial job done. Our system reduces the size of your data lake, minimising Data Analyst’s effort to complete the task.
  • Data Governance Solutions are utilised to try and control users and their access to, and use of, information. Largely focusing around directories and fileshares but with rules and some AI, these tools do their job but on a limited set of data up to a capped scale with some, but often restricted, insight into what’s going on with the information estate.
  • Data Loss Prevention (DLP) platforms are acquired to get control on the data and how it flows. Expensive, lengthy and with inflexible rule matrices that can often take 2 years to develop and can become obsolete in an instant means that this ‘hard code’ approach to try and tag and bag data to get it under control and understood often falls short of the overall goals.
  • Data Management platforms like Hortonworks provide powerful tools to leverage data and understand it. However, they are often mired in lengthy development cycles and require hard-to- recruit and retain developers and technologists.
  • ‘Traditional’ storage systems such as a SAN allow organisations to easily add data capacity but not to automatically manage or control information based on content and therefore relevance.

Click here to download the PDF version of this guide.

The Smart Alternative

The diagram below provides an architectural overview of the Exonar Information IntelligenceTM platform and how this platform has been harnessed to create a new concept in data management – Search Optimised Smart Storage (SOSS).

Exonar Search Optimised Smart Storage

The verb SOSS means ‘to move gently’. The movement of data, or data control, within an organisation is crucial not only for controlling Total Cost of Ownership (TCO) but also for utilising information as an asset and managing information as a risk.

Search Optimised Smart Storage (SOSS) from Exonar allows intelligent data control policies to be defined through the powerful and flexible search capabilities inherent in the Exonar Platform. SOSS provides the capability to automatically move data to the right location with the right performance and protection based on the data’s content, metadata and importantly, its value and risk. Crucially, SOSS moves data gently enough that it always remains searchable, discoverable and accessible to the right set of people and applications.

SOSS Platform Capabilities

  • Optimising TCO and performance for frequently accessed data through smart storage tiering.
  • Placing verbose or repeated data into Deduplicated and Compressed storage locations.
  • Moving important data to storage locations with DR policies that define data appropriate Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
  • Reducing TCO for orphaned, stale and rarely accessed data by moving from ‘hot’ to ‘warm’ or ‘cold’ storage (e.g. cloud storage).
  • Protect sensitive data by moving it to an encrypted and access restricted storage location.
  • Retention and records management via search based retention policies that control not only where data is kept but how long it is kept for.
  • Enable rapid data production for regulatory production (such as GDPR Subject Access Requests)

But How?

The Exonar platform is uniquely positioned to combine massive scalability, speed and data ingestion from almost any source. It has the ability to interrogate and analyse content rich data in bulk or at the level of an individual item, in near-real time. This is delivered on a clustered and resilient software and hardware platform that can economically scale to a range of customer data requirements and sizes; from around 100,000 up to billions of items. Exonar’s platform provides: integration, coordination and deployment of scalable big-data technology on commodity hardware, the use of Machine Learning and natural language processing techniques to understand and classify information, and the use of indexing and a user-experience layer to provide insight for our clients, with security always top of mind.

The vast amounts of data and variety of usage patterns pose a number of challenges:

Data presentation – users are provided the high level insight they need as well as an ability to zoom in and work with individual documents.
Finding the needle in a haystack – users can easily locate that one document they care most about amongst 10s or 100s of millions of documents in their organisation. This requires a powerful search interface, flexible schema and fast response times. An intelligent platform backed by Machine Learning makes it possible to automate processes which otherwise would require a huge amount of manual processing.
Scalability – the high volume and variety of data and fast rate of growth put Exonar firmly in the Big Data category. As our customers’ data volumes increase, the platform is designed to scale up with the volume.
Evolving requirements – we are able to quickly react to the needs of our customers and pivot when necessary. Using open source components at the core of our platform enables us to take features to market quickly, focus on solving the most pertinent problems and provides clients with the assurance of long term utility should Exonar no longer exist.

Exonar has an open framework that can connect to all of the most frequently used business information systems. Implementation is rapid and the platform delivers results from day one of installation. We employ a layered architecture which takes data from external systems and applies a series of processes to understand and index it, making it available for interrogation by users and other systems. For organisations with more complex environments, custom connectors are created to integrate legacy systems data into this new environment. The platform doesn’t need an analyst to operate it and is accessible by a regular business with a half day of training.
Exonar is provided as a scalable appliance. It is licensed on an annual basis against the amount of data indexed, with sliding scale discounts applying to larger data volumes, and includes all hardware and software support and maintenance as well as product updates.

Leveraging The Exonar Platform

Clients are deploying the Exonar platform to solve a range of business imperatives, such as:

Data Privacy

  • Achieve and maintain compliance with Data Privacy regulation like GDPR, CCPA and POPI
  • Process access requests for personal data in minutes, not days
  • Create a Data Inventory of ALL your data.

Partner Data Indexing

  • Reduce costs in limiting time finding your partner data
  • Index data remotely, improving operational efficiency.

Cloud Bloat

  • Detect cloud data classified as ‘digital litter’ – duplicated, outdated and trivial
  • Organise information to speed up usability, efficiency and governance.

Records Management

  • Assemble practical intelligence on data and file location and sensitivity
  • Drill into specific files of the same subject, regardless of location and format.

Information Security

  • Discover and understand your sensitive information, what it is, where it is and who has access to it to ensure it can be properly and appropriately protected.

Data Lake Filtering

  • Our eDiscovery tool reduces your data lake, minimising human effort.

The Exonar Advantage

Intuitive User Interface

  • You don’t need to be a data scientist or an analyst. Simply connect Exonar to your network and our easy-to-use dashboards enable you to pull charts up and drill to any level of detail.

Intelligent Classification

  • Intelligent Classification automates the process of identifying patterns in documents and categorising them for protection, accessibility or deletion. Categories are defined by anything a user can search for, such as document markings, location, authorship, accessibility or contents.

Massive Scalability

  • Exonar’s ability to search billions of enterprise documents and return not just one but all of the most relevant results swiftly is enormously powerful. Our product can be scaled horizontally and can be installed either on-premise or in the cloud.

Boundless Connectivity

  • Exonar has an open connector framework allowing it to connect to almost any data source.

Near real time performance

  • Exonar’s platform delivers near real time responses to queries so it can be utilised both for single instance and ongoing monitoring of information assets. In addition, users can interrogate information from day one with a single ‘crawler’ ingesting around a million items a day.

Customer Obsessed Culture

  • Exonar’s agile culture sees our development process evolve through iteration, continuous feedback and evolution. We are highly focused and work collaboratively with our customer base to deliver a solution that can enable your digital transformation.

Exonar Background And Experience

The Exonar platform was originally developed for the needs of clients in the Defence sector. The system enabled them to understand their Intellectual Property, assess the ramifications of its loss including the business impact, and to help design improved processes for future protection.

We are an innovative technology company, based in the UK. This year we were selected by one of the UK’s largest retail banks over IBM to meet their initial requirements for ‘life after GDPR day’ and their platform for information management. We were selected by them not just for the unique capability of our technology but to deliver their information insight swiftly, simply and at scale because of our innovative approach and our ability to react to changing customer requirements. As a company, we pride ourselves on being utterly professional whilst maintaining our belief that people don’t want to deal with ‘the Corporate Entity’, they want to deal with real people who they can work with to solve their business problems.

We partner with the ‘big four’ consulting firms and specialist ‘boutique’ partners to deliver projects and ongoing programmes. Our investors include Amadeus Capital Partners and Winton Ventures, two of Europe’s most respected Venture Capital firms.

Where Do I Start?

The answer is to simply start. The task does not have to be approached as a big bang and no elephants need eating. Exonar can help you plan your approach and the benefits are almost immediate – the index that is created is searchable from day one. Every organisation is different with a balance bias between structured and unstructured data, different employee behaviours and different blends of knowledge and process workers but all yield benefit. The business benefits of action are clear, the rewards tangible and attainable. For the first time, discovering your information advantage is simply and easily achievable.

The first step in the process is to get in touch with Marcus Hill who will organise a walk-through of the platform for you and your team. Marcus can be contacted via 07793 857122 or

In return, you could have peace of mind with regards to your GDPR Compliance, PII, Cloud Migration, Information Security and many other of your data challenges.

Click here to download the PDF version of this guide.





Information Security Solutions

Cloud Migration Solutions

Cloud migration without the risks

Migrating everyday business information to one of the many cloud services such as Box, Dropbox or Office365 makes sense for almost every organisation.

Everyone’s migrating

Even traditionally risk adverse industries such as Finance, Government and Defence are adopting this model as they see the benefits of collaborative working whilst reducing the need to manage infrastructure. However, the question as to what can and should be moved must be addressed during migration projects.

Cloud migration can provide cost savings and productivity improvements.

Migrations equal regulations

Information is increasingly the subject of regulation. From EU GDPR dictating the nations deemed fit to hold EU Citizen data, to UK Government regulating how protectively marked information must be treated, or a hundred other industry specific regulations on how and where information can be stored, a poorly planned cloud migration project will expose your organisation to substantial additional regulatory and financial risk.

Cloud migration without the risks

Understanding what information you have, where it is, how old it is and who has access to it enables you to make sense of your unstructured information and prioritise what information should be de-duplicated, what should be archived, what should be deleted and what should be carried forward to your new cloud infrastructure. The Exonar platform enables you to cleanse information of unwanted and risky information, leaving your staff with just the valued information, properly protected, easily located and accessible within your chosen cloud service.

Download Cloud Governance brochure

CCPA Solutions

Generation privacy has begun

In the last 12 months, data privacy has moved from a niche topic to something talked about at almost every corporation’s board meeting.

The EU GDPR, which came into force on May 25th, 2018, covers data held on any EU citizen and enforced new accountability for organizations processing personal data.

With the legislature passing the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, there are now a similar set of rules governing most organisations holding data on US Citizens.

Exonar simplifies compliance with the California Consumer Privacy Act (CCPA) by getting right to the heart of the matter: Finding, Mapping and Managing your data.

How Exonar can help with CCPA

Data Mapping and Inventory

Data Subject Access Requests

Data Portability

Enforcing Compliance

Right To Be Forgotten

Meet the Personal Data Privacy dashboard

Exonar’s Privacy dashboard provides a top-down view of your organisation’s information in relation to the EU GDPR and California Consumer Privacy Act (CCPA).

It shows a comprehensive picture of all the data held which is relevant to these laws, where it is held and its characteristics.

This view will take your organisation beyond spreadsheets and interviews, and into the realm of making well-informed decisions, rapidly.

Where Do I Start

Preparing for CCPA will share many characteristics with those undertaken for GDPR:

Assemble the team: Include Executive Sponsors and stakeholders from Legal, Compliance or your data privacy team, people with oversight of you corporation’s technology and it’s security and representatives from the key personal data owners in your business (e.g. HR, Sales, Marketing, Customer Service).

Get started with a data inventory. Prioritise information stores likely to contain personal data and those with poor governance. Be practical, start with those that are easy to create an inventory form.

Don’t rely on your corporation’s answers to questionnaires for your data inventory, or you will get an idealistic view of your risk (your head of marketing is likely to say the personal data they process is in the marketing system, forgetting that it got there via email and has been exported into spreadsheets). You will need technology to do this effectively (and we can help!)

Establish a culture of security and privacy and ingrain this into your day-to-day operations. Communicate a simplified overview of CCPA to the key stakeholders.

Create and practise your business processes that will be required to satisfy the rights of the individual (Access to data, erasure, breach notification).

CCPA versus GDPR

There are many similarities and some key differences between GDPR and CCPA. Here is Exonar’s take:

Basis for consent

GDPR – Opt in

CCPA – Opt out

Who it applies to

GDPR – Any organisation holding personal data on EU citizens

CCPA – For-profit entities that process personal data of California residents and either:

Do $24 million in annual revenue

Hold the personal data of 50,000 people, households, or devices

Do at least half of their revenue in the sale of personal data.

Rights for individuals

GDPR – Access to data being held, right to erasure, correction, object to automated processing. Right to notification if there is a data breach.

CCPA – Right to disclosure and objection relating to who data is being sold to, no discrimination if individual objects to data sold. Right of access to data being held. Right to know how personal data is being used. Right to know who data has been provided to.

When does it come into force

GDPR – May 25, 2018

CCPA – Jan 1, 2020

Financial Penalties

GDPR – 4% of turnover or €20m (whichever is greater)

CCPA – $7,500 per violation. $750 or actual damages for each individual, whichever is greater

Time allowed to respond to a request

1 month

45 days

NB, California resident is defined as, “(1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose.

The CCPA – The Definitive, Easily Searchable Text

Follow the link below to read the full California Consumer Privacy Act text, with each section clearly marked and searchable.

The legislature passing of the California Consumer Privacy Act 2018 (AB 375) happened on June 29th 2018, and these new rules will now govern most organisations holding data on US Citizens.

Read More

Event Update – Join us for our Exonar meet-up in London

We’re delighted to be partnering with Brown Rudnick who will host a meet-up at their London offices on Tuesday, June 18th.

One year on from the start of the new GDPR regime, Exonar and Brown Rudnick invite you to join us to discuss the trends, issues and lessons learnt from the last 12 months. The session will be followed by a drinks and canpé reception for networking.

Topics will include:

  • Weaponising SARS – litigation friend or foe?
  • GDPR class actions – just around the corner?
  • What data can be excluded from a SAR response?
  • The €50m Google fine

Our panel will feature:

  • Mark Lubbock – Partner (Intellectual Property and Technology), Brown Rudnick
  • Adrian Barrett – CEO & Founder, Exonar
  • Gilbert Hill – CEO, Tap My Data
  • Ben Falk – Founder, Yo-Da
  • Anya Proops, QC – Barrister, 11 Kings Bench Walk
  • (Chair) James Cole – Partner (Corporate), Brown Rudnick

Date: Tuesday 18 June 2019

Venue: Brown Rudnick LLP, 8 Clifford Street, London W1S 2LQ

Time: 18.00 – 21.00

To book your space, please visit:
We hope you can join us!


Free Webinar – The Perfect Privacy Programme. Register Now!

GDPR One Year On: What Does a Perfect Privacy Programme Look Like?

Free Web Conference – Brought to you by Exonar

Broadcast date: 2:00pm, April 24, 2019

One year on from the introduction of the EU General Data Protection Regulation (GDPR), join Exonar and experts from the field in discussing ‘What does a perfect privacy programme look like?’

In this web conference we will hear from our panel of experts as they discuss:

  • What are the necessary components of an enterprise-level privacy programme?
  • How do we optimally assign roles and responsibilities within a privacy programme?
  • How can we most effectively create and manage accurate personal data inventory? (Article 30 – Records of Processing Activities)
  • How do we best monitor for GDPR compliance using both manual and technical controls?
  • What is the best way to deliver privacy training to our employees?
  • What are the most effective tools available to satisfy individual rights? I.e. Subject Access Requests (SARs), Right to be Forgotten, data deletion and retention.

In addition to discussion from the field, our panel will also discuss Exonar’s recent findings based on surveys of 100+ organisations and consumers into:

“What’s Next with Personal Data Inventory?” – Exonar have profiled 100+ organisations’ attempts to create personal data inventory. One year on we ask what monitoring and compliance actions they are now planning to take as a result.

“Consumer Attitudes to Subject Access Requests (SARs): A SARvey” – Exonar have surveyed 100+ consumers to assess their sentiment towards data privacy and the ability to exercise their privacy rights.

There will be a live Q&A session in the final 15 minutes of the webinar so, to avoid missing your chance to contribute, register on the form below:

John Tsopanis, Data and Privacy Director, Exonar

Ralph O’Brien CIPM, Vice Chair UK Data Protection Forum, Principal Reinbo Consulting
Sophie Payne, Customer Success Lead and Data Scientist, Exonar
Ben Falk, CEO of Yo-Da, Your Data


Book your place now:

Missed Our IAPP Webinar? Watch ‘Thriving in Generation Privacy’

Exonar Webinar hosted by the IAPP: ‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’. Your chance to view the recorded webinar.

With the introduction of the EU GDPR, the CCPA and other global privacy laws, people have increased expectations of how their personal data will be handled and protected. This is driving up the number of inquiries for data subject access requests and requests to exercise the right to be forgotten. We commissioned our own research into how businesses are coping with the increased demand; the findings of which were remarkable.

First broadcast on the IAPP website on February 7th 2019, watch this recorded webinar to hear from the field about these survey results and more, including:

  • The cost of handling data subject access requests. (UK public sector organisations example).
  • The results of a subject access request to a UK based high street bank
  • How the world’s leading tech companies dealt with recent requests for personal data
  • How organisations are profiting from their privacy programs
  • The toxic data you’re storing and what to do about it
  • How companies have prepared for Generation Privacy and what you can do now.

Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Adrian Barrett, CEO, Exonar
Phil Lee, CIPP/E, CIPM, Partner, Privacy, Security and Data Protection Practice, FieldFisher, London, U.K.
Steve Wright, GDPR Advisor at Bank of England, CEO, Data Privacy Architect, Privacy Culture, London, U.K.

Run time – 60 minutes.

ePrivacy a 2019 Priority – Online tracking regulations to tighten

Sweeping GDPR Fines from German Regulator Send Clear Message; ‘ePrivacy is a 2019 Priority.


A new ePrivacy Regulation that tightens rules for online ‘tracking tools’ such as cookies is expected to replace the ePrivacy Directive in late 2019.

Its importance was emphasised last week when the German DPA (Data Protection Authority) announced that they intend to fine forty organisations for using ‘tracking tools’ on their websites, violating the GDPR.

With ePrivacy Regulation set to tighten GDPR rules on ‘tracking tools’, the announcement of sweeping fines for non-compliant cookie practices under GDPR sends a clear message to organisations in 2019: ‘ePrivacy is a priority’.

How will ePrivacy Regulation seek to protect personal privacy?

The ePrivacy Regulation will outline how organisations must uphold Article 7 of the Charter of Fundamental Rights of the EU which guarantees individuals the right to a private life and private communications.

Where the GDPR has a focus on protecting personal data, ePrivacy Regulation will have a specific focus on protecting personal privacy, seeking to empower individuals to opt-out of unwanted data tracking, processing and digital communications.

The ePrivacy Regulation will be ‘lex specialis’ to the GDPR, detailing specific applications of the rules within the scope of the GDPR. The ePrivacy Regulation will specify rules for the use of:

  • Online tracking technologies
  • Citizen profiling and behavioural advertising
  • Metadata processing and brokerage, i.e. geolocation, IP address and device number
  • IoT – Smart Device communications
  • Spam marketing

Why is protecting personal privacy and the integrity of digital communication important?

The profiling and microtargeting of 87 million UK and US citizens by SCL/AIQ/Cambridge Analytica with disinformation from 2016 onwards has been cited in Parliamentary Enquiries across the world as direct evidence for the need for ePrivacy Regulation.

A vast unregulated network of data tracking technologies, profiling softwares and microtargeting practices has left citizens vulnerable to unsolicited digital influence. These practices leave citizens with little control over who is collecting, analysing and leveraging their personal information for commercial and political gain as they browse the internet.

ePrivacy Regulation will allow for GDPR size fines against firms who perform data tracking without consent which will lead to a collapse in data tracking practices. This will help re-establish establish boundaries between citizens and the private and political actors who wish to influence them. It will also allow citizens to better distinguish between legitimate and illegitimate actors in the online space, and provide a fundamental safeguard to ensure that Article 7 of the Charter of Fundamental Rights of the EU is upheld.

How are regulators signalling that ePrivacy is a priority?

The German DPA has taken a major step towards enforcement on ePrivacy by announcing fines for forty large organisations who were found to be tracking visitors on their websites without appropriate consent. The German DPA audited forty “large websites” from the following industries:

(a) Online retail;
(b) Sports;
(c) Banking & insurance;
(d) Media;
(e) Automotive & electronics;
(f) Home and residential; and
(g) Other.

The investigation showed that all forty websites had non-compliant cookie practices with “tracking tools” inappropriately integrated into their sites.

The three major violations found were:

1. No Active Cookie Consent – Cookies and tracking technologies were gathering data on users before obtaining consent. The German DPA said that most of the forty websites used cookie banners to inform users about cookie usage but none of these banners resulted in active consent being obtained from the user before the cookies gathered user data.

2. No Informed Cookie Consent. Thirty of the forty cookie policies were ‘insufficiently transparent’. The German DPA defines ‘sufficiently transparent’ as: a) individually identifying all cookies/trackers (and presumably the companies behind them); and (b) letting users know the specific purposes for which data collected by the identified cookies will be used.

3. Third Party Processing Without Consent. Most of the 40 websites automatically sent data to third-party cookie providers as soon as a user visited the website.

How will the ePrivacy Regulation affect your organisation?

Organisations will have to adapt their cookie practices to adhere to the new regulation, most likely moving to an explicit and informed opt-in consent mode for advertising cookies. There will also be specific requirements in assessing the legitimacy of third party data processing and brokerage of metadata. Organisations will be required to demonstrate a higher level of due diligence/data auditing for third party data processors and have accurate records of data processing in preparation for heightened scrutiny from regulators.

Free IAPP Web Conference – Registration Now Open

Thriving in Generation Privacy: Capitalising on DSAR Data from the Field

Free IAPP Web Conference – Brought to you by Exonar

Broadcast date: Thursday, February 7, 2019
Time: 8:00–9:00 a.m. PT, 11:00 a.m.–noon ET, 4:00 – 5:00 p.m. GMT

With the introduction of the EU General Data Protection Regulation, the California Consumer Privacy Act and other global privacy laws, people have increased expectations of how their personal data will be handled and protected. This is driving up the number of inquiries for data subject access requests and requests to exercise the right to be forgotten. Exonar recently surveyed a number of organizations to understand how they have been coping with these new and increased privacy control operations, and the results were remarkable.

Join us for this upcoming web conference to hear from the field about these survey results and more, including:

  • The cost of handling data subject access requests. (U.K. public sector organizations example).
  • What the results of a SAR request to a U.K.-based, High Street Bank resulted in.
  • How the world’s leading tech companies dealt with recent requests for personal data.
  • How organizations are profiting from their privacy programs.
  • The toxic data you’re storing and what to do about it.
  • How companies have prepared for Generation Privacy and what you can do now.

Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Adrian Barrett, CEO, Exonar
Phil Lee, CIPP/E, CIPM, Partner, Privacy, Security and Data Protection Practice, FieldFisher, London, U.K.
Steve Wright, GDPR Advisor at Bank of England, CEO, Data Privacy Architect, Privacy Culture, London, U.K.

Book your place now: