Holistic Data for EU GDPR, Dude


What We’ve been Reading and Writing This Month

GDPR – Myths, Priorities, Toolkits
Plus – Record Breaking Fundraising for Childline
Busting the 5 Big GDPR Myths
When a piece of legislation like the GDPR comes along, it makes for a huge amount of noise which can create a lot of confusion. Not everyone has the time or inclination to read the official…
Focus on Five High-Priority Changes to Tackle the EU GDPR
The European General Data Protection Regulation will have a global impact as of 2018. Among the many changes, IT leaders should prioritise efforts where they are most affected. These five high-priority changes help you get up to speed with GDPR requirements.
It's holistic, dude: How to dodge the EU's £17m data...
Sysadmin blog Holistic IT is hard. There are those among us who want to purchase hardware, software, services or so-called turnkey “solutions” – as vendors call them – bearing logos and…
Why Consulting is No Longer Just a Clipboard Exercise
When you engage a consultant to help you with a business issue – what is it that you expect from them? For us, we’d be looking for expertise; strategic insights; challenging thinking….
DPO Toolkit
First, determine whether your organization is required to appoint a DPO under the GDPR. Does the GDPR say you need a DPO? Find out what a DPO looks like, what skills and expertise they…
GDPR – Why It’s About More Than Regulation. Download the White Paper
GDPR is a significant challenge. Concentrating on the Data first can make everything else easier…
Exonar Fundraises with White Hats
A record-breaking £198,000 was raised for Childline at the annual WhiteHat Ball which took place at London’s Lancaster Hotel on Friday 27 January. As more young people are turning to…
Trial Exonar to Understand Your GDPR Data
Whether it’s information security, governance, risk or compliance, the Exonar platform can help organisations deal with the growing volumes of unstructured data….

3 Steps to EU GDPR-Ready Information

In one of our earlier blogs we addressed five of the most common myths relating to the GDPR.  At the top of the list was “You don’t have to worry about the GDPR until 2018”.  As we established, and as the ICO pointed out in 2016 in “GDPR – 12 Steps To Take Now”, this is incorrect – organisations need to act immediately, especially those who are currently creating contracts that will be in force when the legislation takes effect.

In the spirit of making the whole process of compliance easier, and focusing on our belief that data management is at the heart of GDPR compliance (you can read more in our whitepaper here) we’ve put together our top three steps to getting your business ready for the GDPR.

Step One: Data Management Begins with Discovery

Before you can implement any processes regarding the treatment of data, and requests for data under GDPR legislation, you must find the data that is within your organisation.

Given how rapidly data is collected, created and stored by organisations, it would be impossible to find this out manually and meaningfully.  What is correct at the beginning of this year could be wildly different in 6 months’ time.

By using Big Data and Machine Learning principles as part of an eDiscovery and data mapping process developed and applied by Exonar, you have the ability to rapidly find and categorise data and to do so on an ongoing basis – keeping you compliant overall rather than at a single point in time.

The added benefit of a digital discovery process is that you can also uncover the unknown data resident in your organisation – something also covered in greater detail in our whitepaper.

Step Two: Classification

Once you’ve found your data, you need to be able to classify it, not only for your own corporate governance but also for the purposes of the GDPR, which distinguishes between Personal Data and Sensitive Personal Data. To make sure that your classification is applied consistently, it shouldn’t be left to people to try to remember, or to a lengthy guidebook. Here, Machine Learning and Big Data make sure that nothing is left to chance and that every data point is treated as it should be, every single time.

Step Three: Implement Relevant Processes

Once you have identified and classified your data you have a robust platform upon which to implement your processes.  Given the speed at which discovery and classification can take place when using the Exonar platform, this third step is where you can really apply the skills of your people and any consulting teams that you engage to do the following:

  • Decide which processes are required – this may include:
    • De-duplication
    • Handling of requests for information
    • Handling requests for deletion of data
    • Managing interactions with third-parties and assessing their compliance status
    • Communication of the GDPR and what it means, throughout your organisation
  • Decide which processes can be automated, and which need to be handled by people.

These are just the first three steps in what will be a longer, and ongoing process.  We think that they’re crucial for any organisation that wants to get it right first time.  To find out how Exonar could help you make the right first steps in your journey towards GDPR compliance, get in touch.

The EU GDPR: How to Know What You Don’t Know

Here’s a little challenge for you: can you list how many departments there are within your business?  How about the number of teams that sit within each department?  If that seems too easy, then how about listing the number of databases held by each team?  And if you really want a stretch, how about taking a guess at the number of data points your business holds on individuals.

It’s likely that everybody would know (or, in the case of a large corporate, could find out) the answers to the first two.  The second two can be almost impossible to manually discover.

Some would argue that it’s easy to find the number of databases within a business but what we have discovered during the course of our work is that many organisations have terabytes of unknown data – something we reflect on in our whitepaper “GDPR – Why It’s About More Than Legislation”.

For this blog post, we’re going to focus on just one element – that of unknown data.

The Data That You Know About

Let’s say an organisation has a team for each of the following functions: HR, Finance, Marketing, Sales, Operations and Customer Service.  Each of these teams is likely to have its own master data source.  It could be as straightforward as an SAP ERP system, each of the teams having a discrete Line of Business app or database, plus the company having an overall infrastructure to provide email and collaboration software.  Every interaction leaves a digital marker, and so every piece of data and its movement can be tracked.

If your organisation only has data that it knows about, then you should be fine when an individual asks you, as part of the GDPR, to disclose or delete the information you hold on them. Except that you’ve probably got the following:

Data That You Don’t Know About

What the above example doesn’t include are data repositories that many organisations have, but either don’t think about or don’t know exist. These include, but are not limited to:

  • Decommissioned servers that are still holding data
  • Duplicated databases from campaign activity / mergers / roll-outs of new software
  • Data that has been wilfully misused
  • Data shared with a third party as part of a service-delivery contract
  • Emailed data that has been shared innocently or to avoid corporate process
  • Development servers that are not considered as part of the company’s live data estate

All of the above instances introduce risk and cost to an organisation.  Risk in that confidential information could be leaked, lost, or accessed by unauthorised persons.  Costs come in the form of data breaches that result in legislation, plus remediation costs to fix the weakness in the network / governance process.

Pinning Down Unknown Data

Whilst you may have unknown data, it won’t take teams of consultants or outrageous cost to locate it within your organisation, and neutralise the risk it poses.  At Exonar, we’ve developed a platform that uses Big Data and Machine Learning to track down, identify and classify data – wherever it might be hiding.  We have helped clients to find and retrieve data containing passwords, personally identifying data points and company sensitive information.  We’ve also helped them to find terabytes of duplicated information.  As part of this process, they’ve reduced cost and avoided risk but what is perhaps more important to them organisationally is that they have flushed out what was previously ‘unknown’.

Better Business as Usual

Organisations that have a firm handle on all of their data assets not only have a more stable platform for managing the customer experience, they also have greater knowledge of their overall business.  At a time when businesses are awash with data, the ability to identify it and make it meaningful has far greater impact beyond GDPR compliance, but it’s a good place to start.

Exonar are experts in helping businesses to uncover unknown data, reducing risk and cost.  To find out how we can help you, get in touch.

Why Consulting is No Longer Just a Clipboard Exercise

When you engage a consultant to help you with a business issue – what is it that you expect from them?  For us, we’d be looking for expertise; strategic insights; challenging thinking.  Someone who brings us value that does not yet exist within our business or can offer an alternative view.

What you don’t want a consultant to do is burn time compiling spreadsheets or chasing people for extracts from databases – it’s not only a waste of their skills, it’s an expensive way to undertake this kind of exercise.

At Exonar, we believe in technology enabled consulting where the skills of the consultant are amplified by the fact that they’re focusing on bringing you value, in turn giving you greater value for money.  With the General Data Protection Regulation (GDPR) high on the agenda of many companies (and consulting firms), now is a great time to look at how technology enabled consulting works.

Consulting Approaches to Data Discovery

The Problem with Traditional Methods

A traditional consulting exercise (sometimes referred to as the ‘clipboard method’) requires multiple interviews, collection of data and compiling of reports, all of which takes up considerable amounts of time. The output of this kind of engagement is only ever as good as the input, that is, what the consultant has been told or can discover, and is only ever the view of a single point in time. Engagements can become multi-year contracts which fail to keep pace with the digital speed at which organisational change takes place.

How Technology Enabled Consulting Helps

By employing digital search techniques, the task of collecting data is no longer one that relies on an individual’s ability to search, or to ask the right questions of the right person, at the right time. Big Data and Machine Learning enable organisations to discover data in an instant, search according to keywords and categorise data in a consistent manner. The consultant can focus on interpreting results and delivering strategic insights knowing that the source data is accurate, and the business can make well-informed decisions, faster.

No More Hidden Data

With terabytes of data on every network, it’s impossible for any one individual to know every data point that they hold.  Acquisitions, duplication, decommissioned servers and even employees leaving the company can lead to data being hidden or lost.  This kind of data could pose a risk to your business either through creating a position of non-compliance, or creating a weakness in your infrastructure that leaves you exposed to hackers or leaks.

Keep Up – Don’t Get Caught Out

With the GDPR placing a heavy responsibility on organisations to ensure they respond to all requests from individuals for information on every piece of data held about them, and specifying that they must have audit trails in place, being able to rapidly identify, classify and structure data is critical. Given the rate at which organisations capture and use data on individuals, it would be impossible for a person (or a team of people) to keep up. Specialist consultants will be invaluable in helping you to strategically plan for GDPR, but digital methods are vital for organisations who are serious about compliance.

Investing in the Right Places

At Exonar, we’re serious about helping organisations to achieve GDPR compliance via a technology enabled approach. Our whitepaper will tell you more, or simply get in touch to discuss how.