IDC – Exonar Probes Depths Where No GDPR Solution Has Gone Before

Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR

Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017
By: Mark Child, Alex Proskura, Dominic Trott


IDC’s Quick Take

At InfoSec 2017 in London, Exonar briefed IDC on its innovative solution to the challenges of content discovery, classification, and management. Its proposition is built on open source technologies and utilizes advanced methodologies to overcome many of the hurdles faced by traditional DLP and eDiscovery solutions. Exonar’s solution enables companies to get to grips not just with GDPR, but with a much broader set of challenges.

Event Highlights

Exonar’s demo focused on its data discovery, management, and compliance solutions, highlighting high- level dashboard views, as well as tools and capabilities for users to drill down and analyze any component of a company’s data assets. The vendor emphasized the importance of developing processes and mechanisms that ensure compliance is achieved by design and business risk is reduced in the long term.

IDC’s Point of View

Modern organizations face numerous challenges in terms of managing their systems and data. The current era of digital transformation and the shift to 3rd platform architectures are driving a need to focus on securing data rather than ensuring a secure perimeter or border; at the same time, the confluence of users and processes with data and systems means the human aspect and use cases are often as important as technology considerations. Data protection efforts are further complicated by the presence of data not only on a variety of devices, including mobile, but also in a variety of forms. Unstructured data, such as data in emails and office documents, presents a particular challenge. Compliance looms over all of this, with frameworks such as the forthcoming EU General Data Protection Regulation (GDPR) compelling organizations to address many of their data management challenges in the face of a hard schedule and concrete deadline.

Significantly for Exonar, the EU is not the only area where data compliance regulatory requirements are evolving. With markets such as China, Russia, and Singapore also setting out stronger guidelines, Exonar has the opportunity to address a much broader market than just its “home” region of Europe.

Exonar’s development arose from addressing specific needs in the defense and aerospace sectors. In trying to resolve its customers’ requirements, the vendor looked at the information assets component and at data loss prevention (DLP) solutions. However, it saw a key obstacle in that the solutions on the market typically could not understand what they were looking at. Contextual understanding was a challenge. Then it looked at ediscovery solutions to overcome these hurdles, but found major problems with scalability — a critical requirement in modern organizations ramping up to billions of files and documents. As a result, the company opted to develop its own solution and did so using a lot of open source components.

The Exonar solution is built on search technology (the appliance version might be described as “Google in a box”), supported by NoSQL, and is able to handle billions of documents. The solution makes use of machine learning (ML) for context identification; it is delivered to clients pre-trained, but it is further trainable; and it takes into account the document metadata, as well as the content.

Exonar’s solution uses natural language processing for contextual awareness; in other words, it not only looks for specific terms but also the language and structure around them. The language and structure tend to be fairly consistent in many document types (NDAs, CVs, purchase orders, etc.). The solution then creates rules around the location of the file and can make files available only to specific groups, such as HR and finance. It may be described as working on a principle of master data aggregation rather than management.

When it comes to deployment, Exonar’s solution is available on premises as an appliance and hosted in the cloud; it can even be consumed as a managed service. A portable version is also available, although, to date, the on-premises version and the MSP offering provide the most robust functionality. And, as the vendor looks to broaden its reach, it is now opening up its APIs to allow other systems to communicate with it. One of the API integrations that may bring significant benefit is the integration of Exonar with existing document management and email solutions, which could help remediate some of the traditional data protection risks.

Who Needs It?

Exonar reports that its customers come from across the market spectrum — finance, local government, travel and transport, law, and telecommunications. Although the largest portion of Exonar’s customer base is in the U.K., the vendor is fielding more and more inbound enquiries from abroad and is in negotiations with partners in the U.S. and in the Nordics to help manage its expansion. Regarding the drivers of adoption, becoming GDPR compliant is, perhaps unsurprisingly, the number-one reason (by a considerable margin) that organizations are seeking out Exonar. However, as important as cybersecurity is, it comes a distant second to making sure companies do not fall foul of privacy regulators. Exonar has published a white paper on data management and getting to grips with GDPR, which is available here.

What Next?

Exonar’s solution addresses many of the challenges around data management — such as discovering hidden data and dealing with data at the speed it is created — and has emerged at a time when the need has never been greater, with GDPR coming into force in less than a year. The volume of inbound enquiries Exonar is receiving from beyond its core market is testament to the current market need for such a solution and points to rapid expansion over the coming months. Beyond compliance, the solution clearly has tremendous potential from a business enablement and efficiency perspective — drivers that should fuel even further expansion.

©2017 IDC #lcCEMA42801817 3

IDC Research Paper on Exonars Capabilities for GDPR compliance

Find your data. Deal with its legitimacy. And put the controls and monitoring in place.

Stop data dripping away from your control – TechTalk Show podcast

Exonar COO, Julie Evans, discusses how to stop data management getting away from you.

Download the TechTalk Show podcast here.

UK GDPR Preparedness Survey 2017

Most UK businesses on target for GDPR compliance but funds, lack of resource and Brexit are holding the rest back 

  • 77% on course for compliance by May 2018
  • 84% believe that the GDPR will make their business data more secure
  • Time and money issues cited by many as key challenges of compliance
  • 6% wrongly believe that Brexit will overrule the GDPR.

LONDON, August 3rd, 2017 – Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, has announced the results of its UK GDPR Preparedness Survey which found that 77% of respondents say they are on course to be GDPR compliant by May 2018.

The results of the survey were largely positive, with 61% of IT and Data Protection professionals stating they are on course for GDPR compliance (26% have a plan and started preparations, 6% already compliant, 23% ready for May 2018). A further 16% added that they have a plan but have not started to implement it yet.

The survey also found that data security may be the hidden gem behind the GDPR, with a combined 84% stating that they expect their business data will become more secure due to an audit to identify personal data (52%) or as a result of data storage and handling improvements (32%).

However, the results demonstrated that substantial roadblocks will need to be overcome in a short space of time for a large number of businesses. 15% reported that they don’t have the funds to get their GDPR plans off the ground, while 20% say they don’t have time to focus on it. A further 18% admitted that they don’t know where their data is.

Startlingly, 6% are waiting for Brexit in the hope it will mean that GDPR won’t apply to them. Under the terms of the GDPR, UK businesses will still have to comply if the data they handle concerns EU citizens, or has the potential to identify individuals within the EU.

The results also suggest there is some confusion over who will take responsibility for GDPR compliance within a business, as only 29% of respondents had a dedicated Data Protection Officer (DPO).

Most respondents believed that IT holds the data protection role (42%). This is despite the terms of the GDPR, which state that all organisations with more than 250 employees must employ a DPO. This person will be responsible for ensuring that a business collects and secures personal data responsibly.

Exonar’s CEO Adrian Barrett commented: “Although the overall results were positive, significant challenges still remain in the form of time, money and understanding over the reach and implications of the new regulation. It’s clear some companies are shackled and their plans aren’t progressing or even formulated. This situation is often worsened by a lack of project leadership and failure to identify responsibility.

“Businesses must ensure they fully understand the new regulations and, crucially, understand how, where and why their data is currently being processed. For most, a period of data discovery needs to be undertaken before they can put a plan into action and it needs to be done quickly as time is running out. To that end, new technology such as Big Data and Machine Learning will prove invaluable in speeding up the first steps to secure data handling.”

To download the full report, click here.

About Exonar

Exonar solves a problem common to all organisations and their senior information owners, “I just don’t know what data I’ve got”. The Exonar solution discovers and interprets an organisation’s data, identifying issues, reducing risk and making it more productive and secure. Exonar has received £3.3m in investment to date from a mixture of experienced business Angels, Winton Ventures and Amadeus Capital Partners. Visit us at or follow us @Exonar.

The future of privacy compliance

On Tuesday 19 September, Simmons & Simmons are hosting a panel discussion devoted to technology solutions and addressing privacy challenges. The competing challenges and interests of greater regulatory requirements, heightened consumer concerns and greater commercial value of data, make finding new solutions and ways of dealing with data ever more important.

Alex Brown (Partner, ICT) will host and moderate the session and, amongst a technologically distinguished panel, will be Adrian Barrett (Founder and CEO) of Exonar. Canapés and drinks will follow.

Register for your place here.

Whose Customer is it Anyway?

Once upon a time customers belonged to Customer Services but things are changing around the board table – Coca Cola recently replaced their Chief Marketing Officer (CMO) with a Chief Growth Officer (CGO) and over the past few years we’ve witnessed a trend of companies substituting the role of Chief Information Officer (CIO) for that of a Chief Customer Officer (CCO).

These changes suggest that it’s no longer enough to have roles focusing solely on managing internal tools or processes – organisations want to make sure that the customer is placed firmly at the heart of the business and in such a way that outcomes relating to customer interactions can be meaningfully measured on a daily basis (not once a year via a satisfaction survey).

So, in an environment where multiple members of the executive team are being compensated on customer metrics, who actually owns the relationship?

Mine, mine, mine!

When it comes to deciding who owns the customer relationship, you could end up with this argument around the table:

The Chief Operating Officer (COO) will tell you that her teams face into the customer and are therefore the guardians of the customer relationship.

The CMO will tell you that by making sure he owns all customer communications, you’ll have access to richer customer analytics and data that will increase customer revenue and satisfaction via improved marketing effectiveness.

The CCO will remind you that she is responsible for growing customer revenue and therefore ultimately owns customers as a segment.

Customer Ownership vs Compliance Responsibility

One thing that not everyone will put their hand up for is the responsibility of customer data compliancy.  It’s entirely possible that in this instance everyone will point at the CIO (assuming that his title hasn’t changed) because he owns the infrastructure where all the data is held and manages the rules around security.  With every member of the business potentially putting customer data into the infrastructure, he’s unlikely to agree that the responsibility is solely his.  And it’s not just a job for the Legal team either.

A Single Data Set = Joint Ownership

Whilst there may be argument on ownership of relationship vs responsibility for compliance, the one area where you will find agreement is the nirvana of a Single Customer View and the General Data Protection Regulation (GDPR) could be your way to move towards it.

A Beneficial Piece of Legislation

We believe the GDPR could be the trigger for organisations to realise incredible business benefits because at it’s heart is the need for robust data management.  Using Big Data and Machine Learning principals to deliver data management and intelligent classification, it’s now possible for an organisation to take control of it’s data assets in a fraction of the time of traditional consulting methods.  This approach enables organisations to create one, secure, trusted dataset with policies enforced on a low-touch / automated basis giving you real-time:

  • Customer insights
  • Control over data usage
  • Opportunities to deliver a great customer experience
  • Ability to make decisions that increase profitability.

Ownership for All

By using GDPR as a means to kick-start a process of complete data management that is designed to drive the business forward, it gives organisations not only the impetus to address forthcoming legislation in a positive manner, but also the opportunity for the entire Board to compete for the crown of being the most customer-centred person in the business – and with access to the right data to prove it.

This is just a snapshot of how we believe taking a proactive data-centric approach to GDPR could benefit your business.  To find out how you could use GDPR to place the customer at the heart of your business, either download our whitepaper here:  or drop us a line at

GDPR:Where do I start?

GDPR: Where do I start

The new European General Data Protection Regulation (GDPR) regulations mean that any organisation, big or small, will need to comply with new rules regarding the collection, storage and usage of personal information regarding EU citizens.

But reports have suggested that many IT security professionals are either not preparing or are unaware of any changes that need to be made to their business processes in order to ensure compliance.

This article answers the questions on where to start and gives a simple framework for getting started.

Manageable Data in Moments

Over the past six months your LinkedIn feed will have told you that GDPR is coming and that you and your compliance, audit and IT teams have a myriad of actions to meet the forthcoming Regulation.  But where’s the upside?

Rather than focus on fear, uncertainty and doubt, we like to emphasise advantages.  At the heart of successful GDPR compliance is data management, and data management brings with it some tangible opportunities for your business – from getting your data in peak condition to delivering an even greater customer experience.

Data Portability

Under GDPR, individuals have the right to Data Portability.  This means that you must provide individuals with the ability to obtain and reuse the data you hold on them across different services (for example, allowing individuals to securely port data to cost comparison sites).

Using Big Data and Machine Learning data management capabilities, you’ll be able to discover and segment your data assets easily, setting your business up to provide individuals with the ability to leverage the data you hold for their personal benefit – and providing you with extra customer loyalty points in the process.

The Right to be Forgotten

If an individual really wants nothing to do with your organisation any more, then under GDPR they have the right to be forgotten.  So, if an individual asks you to ‘forget’ them, you are obliged to delete any personal data relating to them where there is no legal reason for its continued processing.  This can extend to the sharing of this data with third parties.

Putting in place a process that will enable you to rapidly pinpoint the relevant data and remove it means that rather than dreading requests, they become the trigger for a swift operation that can be carried out with confidence.

With an automated approach, this activity removes the traditionally tedious manual exercise and becomes low-impact to the business delivering a straightforward process to the individual.  It also provides you with the added benefit of removing data that is no longer useful.

Data Security

Data breaches create havoc for individuals and organisations and generate headlines that can lead to enormous reputational damage.  A key benefit to undertaking a thorough data discovery and management exercise in preparation for GDPR is the additional security this will bring to your organisation:

  1. Data discovery will help you to find unstructured (or ‘hidden’) data. It is not unusual to find up to 10GB of unstructured data per employee.  Removing this creates TB of space in your infrastructure and allows you to actively address security risks.
  2. Intelligent classification will enable you to make sure all sensitive or confidential data is appropriately segmented and subject to correct security procedures.
  3. Data management processes powered by Machine Learning and Big Data principles will allow you to automate tasks that could historically be open to human error.

By taking a proactive approach to security, you’ll be able to find and address weaknesses early giving you a story that will increase customer confidence.

Freedom of Information / Subject Access Requests

Whether a public authority with an obligation to respond to Freedom of Information requests, or a private sector company with obligations under GDPR, the ability to rapidly and consistently handle requests for information from individuals is crucial for compliance.

Addressing this with manual methods is time consuming and costly.  By implementing data discovery, intelligent classification and data management protocols using software, this task becomes near-automated and does not disrupt day-to-day business.

Data Inventory

One of the ways in which many organisations are benefitting from an early approach to GDPR compliance via data management is their ability to create a detailed data inventory.  We liken it to the rigour that organisations apply to managing their finances.  By establishing a baseline of your data assets, classifying them appropriately, discarding duplicated data, then setting processes in place for ongoing management, you have a data set that is accurate on a near real-time basis.  This delivers a raft of data-centric business benefits:

  • Insight into a single view of the customer
  • Insights into customer / supplier behaviour
  • Accurate reporting
  • Insights into opportunities to streamline / automate processes

This is just a summary of how we believe taking a proactive data-centric approach to GDPR could benefit your business.  To find out how you could achieve manageable data in moments, either download our whitepaper here:  or drop us a line at

Getting to Grips with GDPR

Getting to Grips with GDPR

What We’ve Been Reading And Writing This Month

GDPR – companies are ramping up their GDPR budgets
Plus – If you are visiting Infosec, check out our tips for the hot topics
It all starts with Data Discovery
It all starts with Data Discovery
This articles aim is to filter the GDPR noise down to a considered conversation that focuses on what’s important to your business and how you can take the appropriate steps to deliver a positive GDPR outcome.
Pulse Survey: US Companies ramping up GDPR budgets
Pulse Survey: US Companies ramping up GDPR budgets
A recent PwC pulse survey asked C-suite executives from large American multinationals about the state of their plans for Europe’s landmark General Data Protection Regulation (GDPR).
Our Tips for the Hot Topics at Infosec 2017
Our Tips for the Hot Topics at Infosec 2017
We’re exhibiting at Infosec this week and these are the hot topics we are looking forward to hearing about. If you are there, come along and see us on stand S07.
The DPO role: A quick survey
A recent survey by the IAPP asks what are the essential job skills and the appropriate professions of Data Protection Officers under the GDPR.
Get our free GDPR report
Get a free GDPR report
Want to know what your peers are planning for GDPR? Fill out this short survey and we will send you a free GDPR report.
Where Do I Start with General Data Protection Regulation?
This article gives insight into what you need to know about the regulation before you start and provides a simple framework for approaching GDPR.
GDPR Awareness Coalition
GDPR Awareness Coalition
The GDPR Awareness Coalition is a great place to start your GDPR journey, there’s lots of tips, recommendations and shareable infographics to help get that stakeholder buy in.
The utterly unrelated section.15 forgotten tech sounds you just don`t hear any more

The utterly unrelated section.

15 forgotten tech sounds you just don’t hear any more
Wallow in the beeps and buzzes of yesteryear, with these extinct sounds of tech

It all starts with Data Discovery

The noise around GDPR is increasing as organisations including Microsoft and Google set out their plans for complying with legislation.  Our aim is to filter that noise down to a considered conversation that focuses on what’s important to your business and how you can take the appropriate steps to deliver a positive GDPR outcome.  The following extract from our whitepaper illustrates how starting with what you know is the first step in the process.

Starting with What You Know

Most organisations have distinct functional areas with distinct processes and tools for holding data on individuals.  A simple table such as the one below provides an overview of the most common business functions, and the types of data they hold.

Once this initial dataset is understood, it becomes important to identify what is personal data and what is not.  This is further broken down into data that could be used to identify an individual, and information that would be classified as sensitive.

With GDPR, these definitions of data have been broadened to reflect the ways in which many organisations now retrieve and store information.

This broadening may result in additional compliance obligations for organisations.  The below provides an illustration of how this change will play out.



A Process of Data Discovery

Of course, starting with what you know only works if you know what data you have.  What GDPR forces business leaders to consider is where every single piece of personal data is across their IT estate – including the Cloud.  Taken in this context, the question of the data that an organisation holds on individuals becomes a complex one to answer, and one that is going to require time, resource and budget.

A thorough approach to data discovery, properly implemented, will lead you to data that you did not know about – offering not only a great start to GDPR compliance but also the opportunity to uncover and resolve data that is ‘hiding’ throughout your network, including company sensitive information, personally identifiable data and duplicated information.

To find out more about our approach to GDPR and how we can help your business use the legislation as an opportunity for business growth through great data management – download our whitepaper here: or get in touch at


Our Tips for the Hot Topics at Infosec 2017

Infosec Europe 2017 – Our Tip for the Hot Topics

In the run up to Infosec 2017, the key to making your visit successful is preparation.  Keynotes fill up fast and with over 18,000 attendees and 195 sessions you could spend half your time trekking across Olympia if you don’t carefully plot your course.

Part of our preparation at Exonar has been considering the topics that we think will be the most talked-about so when some of our team are not manning our stand in the Cyber Innovation Zone, we’ll be making sure we get to the best sessions first.


We’re looking forward to hearing a range of viewpoints on what the way forward is since the initial furore has died down (and in anticipation that there won’t be another attack before the event).  We expect interesting discussions around public / private sector partnership in ways that combine the moral and the commercial.


There will no doubt be increased focus on the inherent risk present in the increasing number of connected devices – especially given the recent launch of Google Home.  Research from Statista suggests there will be 31 billion connected devices by 2020 which makes the potential impact of a wide-ranging DDOS one that is impossible to ignore.

General Data Protection Regulation (GDPR)

We see GDPR as having the potential to deliver enormous benefits to organisations when it comes to data security.  The process of data discovery and management that’s required to comply with the regulation gives organisations the opportunity to find the data that’s an asset, and remove any data that poses an unwanted risk.  Download our whitepaper to find out more.

Legal Responsibilities

Who takes the blame when there’s a breach?  Organisations providing technical services and solutions need to be clear about their liabilities, and we expect consumers in particular to start demanding greater clarity.  GDPR goes some way to help define boundaries and obligations but we also expect to see an upsurge in claim handling companies who sniff an opportunity.


Alongside businesses ready to go to court on behalf of victims of data breaches, we expect to see cyber-security insurance products and services become a market of its own.  We’ll be listening out for the views from the anti-virus vendors on what they think could happen next.

Planning to visit Infosec and want to find out more about how a data-first approach could help your business become GDPR compliant?  Come and see us on Stand S07 in the Cyber Security Zone.  Or if you’d like to get to know us a little better first, drop us a line at