Posts

Privacy Data: The Final Frontier? The latest from Exonar

Privacy Data: The Final Frontier?

What We’ve Been Reading And Writing This Month

The Future of Privacy Data
Plus – Attend Simmons & Simmons ‘The Future of Privacy Compliance Seminar’
IDC Insight - Exonar Probes Depths Where No GDPR Solution Has...
Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR. Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017 By: Mark Child, Alex…
The future of privacy compliance
The future of privacy compliance
On Tuesday 19 September, Simmons & Simmons are hosting a panel discussion devoted to technology solutions and addressing privacy challenges. The competing challenges and interests of…
How the GDPR will disrupt Google and Facebook
How GDPR will disrupt Google & Facebook
Google and Facebook will be disrupted by the new European data protection rules that are due to apply in May 2018. This note explains how. Google and Facebook will be unable to use the…
Subject access requests: revised guidance from the ICO -...
Exonar’s UK GDPR Preparedness Survey – Key Trends and Challenges With less than a year until the implementation of the General Data Protection Regulation (GDPR) in May 2018, Exonar surveyed…
Get our free GDPR report
As Panopticon devotees will know, the early months of 2017 brought a flurry of judgments about subject access requests – most importantly, in the Dawson-Damer and Ittihadieh/Deer cases. The…
The EU GDPR - The Definitive, Easily Searchable Text - Exonar
Full acknowledgement to the gdpr-info.eu project who have a neatly arranged, easily searchable PDF version of the General Data Protection Regulation (GDPR) including its recitals. The EU…
We Are Hiring - Marketing Executive - Exonar
We Are Hiring – Marketing Executive
Are you our next Marketing Executive? An exciting startup software business, we’re looking for an ambitious marketer to take responsibility for creating and delivering our marketing…
Heineken Pet
The Totally Unrelated Section: Heineken Pet
Staying with the spin on Star Trek slogans (but ignoring grammatical debate over split infinitives), remember the Heineken “refreshes the parts other beers cannot reach” ads?

Intelligent Shortcuts to GDPR Compliance

Intelligent Shortcuts to GDPR Compliance


What We’ve been Reading and Writing This Month

GDPR – 94% of Top 200 Companies Already Preparing
Plus – In ‘Utterly Unrelated’, Remember Johnny Castaway?
3 Steps to GDPR-Ready Information - Exonar
In one of our earlier blogs we addressed five of the most common myths relating to the GDPR. At the top of the list was “You don’t have to worry about the GDPR until 2018”. As we…
94% of Privacy Pros in the Know Aren’t Waiting for Brexit: They’re Preparing for the GDPR
94% of Privacy Pros in the Know Aren’t Waiting for Brexit: They’re Preparing for the GDPR
Privacy professionals in the U.K. are not standing idle while they wait for the U.K. to clarify data protection law post-Brexit.
The world's leading privacy pros talk GDPR with El Reg
Interview You know, we know, everyone knows… the EU’s General Data Protection Regulation goes into effect May of next year for every member of the European Union, and that will include…
The EU GDPR: How to Know What You Don't Know - Exonar
Here’s a little challenge for you: can you list how many departments there are within your business? How about the number of teams that sit within each department? If that seems too easy,…
Preparing for the GDPR 12 Steps to Take Now
Preparing for the GDPR 12 Steps to Take Now
The ICO’s checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018.
Machine Learning & Big Data Harnessed to Achieve GDPR Compliance...
Machine Learning & Big Data Harnessed to Achieve GDPR Compliance…
Ask anyone with responsibility for corporate compliance, company data or customer information what is keeping them awake at night and the answer is likely to be the EU General Data…
GDPR – Why It’s About More Than Regulation. Download the White Paper
GDPR – Why It’s About More Than Regulation. Download the White Paper
GDPR is a significant challenge. Concentrating on the Data first can make everything else easier…
The Utterly Unrelated Section - Johnny Castaway: The story!

The Utterly Unrelated Section –

Johnny Castaway: The story!
Most people don’t know the story of the screensaver Johnny Castaway, a story which takes place over the timespan of 11 days. The story scenes are rarely and randomly shown on the…

What We’ve Been Reading & Writing This Month

GDPR


What We’ve been Reading and Writing This Month

The Impact of GDPR, Data Protection and Brexit.
Plus – Jobs, Meetups and our Perspective on GDPR
Top 10 operational impacts of the GDPR: Part 1 - data security...
The new General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. The GDPR is directly applicable in each member state and…
Will Brexit impact GDPR and data protection rules?
In the aftermath of Brexit, here are five steps your company can take to be prepared for any changes in data protection rules and regulations
The General Data Protection Regulation still stands after Brexit. 
The General Data Protection Regulation still stands after Brexit.
It’s been an interesting few months for the United Kingdom and Europe. As we enter the second half of 2016, not only did we make an early exit from the Football Euro’s but we also took a…
General Data Protection Regulation: getting GDPR ready by 2018
Gavin Siggers, Director of Professional Services, Iron Mountain A lot can happen in two years. By 2018 we are expected to have witnessed the first human head transplant, Adobe Flash is…
Will There Still Be Anonymous Data After GDPR.
Will There Still Be Anonymous Data After GDPR.
What’s the deal with rules and regulations surrounding anonymous data in the new EU GDPR? Prof Dr Christoph Bauer and Dr Frank Eickmeier (both pictured), ePrivacy GmbH explain for…
UK tech firm swoops on HP software unit in £6.6bn deal - BBC...
Newbury continues it’s bid to become the Technology hub of the UK…
Exonar Are Hiring - Marketing Manager - Exonar
Are you our next Marketing Manager? An exciting startup software business, we’re looking for an ambitious marketer to take responsibility for creating and delivering our marketing…
Cloud Application and Using 3D on the Web Summer Meet up 2016
Last month Exonar hosted the fourth event of ‘Silicon Canal, Newbury’ Meetup. The Meetups were started with the intent of connecting IT professionals and passionates with different…
4 Questions, All The Answers. What You Need to Know About GDPR -...
GDPR seems to be on everyone’s lips at the moment. While the regulation doesn’t come into force until 2018, preparation has already begun for many organisations. For some, however, GDPR…

4 Questions, All The Answers. What You Need to Know About GDPR

GDPR seems to be on everyone’s lips at the moment. While the regulation doesn’t come into force until 2018, preparation has already begun for many organisations. For some, however, GDPR still raises a number of questions and queries.

We asked the former Head of Fraud, Risk and Security for Vodafone UK and now Exonar’s Chief Operating Officer, Julie Evans, what GDPR means for Exonar, what we will be doing about it and what the potential implications for other UK businesses are.

What does GDPR Mean to Us and Our Clients?

GDPR significantly increases the level of proactive management of Personally Identifiable Information (PII). It increases the requirements on any organisation that deals with the personal information of EU citizen customers or employees. The fact is that no-one is clear on what the post-Brexit world of GDPR will look like in the UK but it will still impact most UK organisations.

The UK exit from the EU will not be complete before GDPR is implemented. There will be a significant period of overlap following the triggering of article 50 and, even after Brexit, there is a strong possibility that similar regulations will be sought by the ICO and demanded by international companies who will look for ‘adequacy’ in UK law to ensure that the UK can compete and operate seamlessly across Europe and the world. Further, GDPR requires adequate privacy protection in states outside the EU, if EU companies are to store their data there. In all, it seems nearly inconceivable that privacy of personal information will not be a significant factor in the coming years.

As well as increasing privacy requirements, GDPR introduces significant penalties for non-compliance and also broadens the scope of what is considered PII. Although somewhat lacking in absolute clarity, the Regulations define PII as being information that enables the identification of a person.

What does GDPR mean for Exonar?

As a relatively new company Exonar is not burdened by legacy of old IT infrastructure although we must ensure the way we hold data is compliant with GDPR. For us, this is primarily employee and shareholder data. In common with most organisations the first task is to find and create a register of the data. Even a relatively small organisation like Exonar uses multiple different platforms to store information; documents, spreadsheets, PDFs and presentations, located across file shares, email and in cloud drives. It’s not an insignificant issue, however, we do at least have our own Exonar software at our fingertips to enable us to map where this information is being stored.

As well as identifying where all of our PII is, we’ll also need to designate the role of Data Protection Officer (DPO), an individual within our organisation directly tasked with identifying and protecting individual’s information within our organisation, it does not need to be a full time role but there must be clarity of accountability and we are re-apportioning our job roles to accommodate this requirement.

How can We and Other Organisations get Ready for GDPR?

Understanding the key changes proposed by GDPR is the first step in understanding how to be compliant with the regulations. The table below (courtesy of consulting firm EY) highlights the key areas that need addressing:

Depending on the level of organisational maturity, the new regulations could therefore demand changes to resourcing, training, process definition, applications as well as how the data is handled. The requirements could be significant.

How Is Exonar Going About GDPR Compliance?

I am confident that the leadership team of any organisation would tell you that they would love to have the insight to their customer journey from a customer perspective. GDPR for us is a fantastic opportunity to use our own product and to experience the output. We have set up the ‘discover’ phase of the Exonar journey to crawl all of our data stores. Given that we only hold a couple of terabytes of data we achieved this in our first afternoon.

Our next phase is to ‘understand’ what we ‘discovered’, determining what PII was where, who put it there and why. We’re able to do this through the use of our software’s querying function, it’s “Find More Like This” capability for identifying all data relevant to a topic and the results graphs and charts that show me what information we have, in what format it’s in and in which application of filestore it’s been put.

Now I know what I’ve got I can act upon it so our next phase in GDPR readiness is to review our policy and process as well as our use of applications and communicate our recommendations clearly to the whole team. It does take time so it’s perhaps a good thing that we are not leaving compliance with GDPR until the last minute…

What We’ve Been Reading And Writing This Month

Data Protection

                                       What We’ve been Reading and Writing This Month

Data Exposure, Protection Law and Passwords
At the End – Know Anyone We Can Recruit?
Brexit: Implications for Data Protection Law
Dan Tench, Partner at Olswang LLP, here reflects on the implications of the recent Brexit vote in the UK on data protection law. For months, data protection lawyers have been warning…
WhatsApp Privacy Fears as Deleted Chats Are Recovered
WhatsApp chats can still be retrieved even if users think they’ve completely deleted or cleared them, according to new research. Security researcher, Jonathan Zdziarski, claimed that even…
Wolverhampton Council Blunder Exposes Data
Wolverhampton council is the latest local authority to have its knuckles wrapped by the Information Commissioner’s Office (ICO) after a data handling blunder led to it exposing the…
The Data Protection Dustbin: Safely Disposing of Personal Data
A recent article by Kevin Townsend picks up on a report by Blancco Technology Group suggesting that ‘78% of second-hand hard drives purchased from eBay and Craigslist now contain…
Defensible Disposal: You Can't Keep All Your Data Forever
Guest post written by Deidre Paknad Deidre Paknad is founder of the Compliance, Governance and Oversight Counsel and Director of Information Lifecycle Governance Solutions at IBM. Deidre…
Yes, the passwords to many of your systems ARE stored in...
The interview- the cause of the Sony hack in 2014? At organisations ranging from small governmental bodies to large Fortune 500 companies we’ve found dozens through to tens of thousands of…
Start a meetup, you might be surprised what happens - Exonar
Exonar ended up in Newbury, Berkshire, for carefully considered, statistically sound, scientific reasons. Company legend has it that the early employees sat round a dining table, used…
Think you've got what it takes? Exonar are hiring - Professional Services Lead wanted. 
Think you’ve got what it takes? Exonar are hiring – Professional Services Lead wanted.
Professional Services Lead Reporting to: Julie Evans, Chief Operating Officer Job Purpose With support from the leadership team accountable for client outcomes post sale, through programme…
Have a flair for development? Exonar are hiring - Junior Dev Ops Engineer wanted.
Have a flair for development? Exonar are hiring – Junior Dev Ops Engineer wanted.
Exonar is looking for talented individuals to join our dynamic team. JUNIOR DEV OPS ENGINEER POSITION Why Exonar? Exonar recognises that the key to information security in an organisation…

Another Day, Another Event – This Time, Privacy

With another day comes another event for Exonar, this time it was Privacy: The Competitive Advantage. Hosted in Microsoft’s Paddington office, the event was conceived to highlight the state of play in data protection and the safeguards put in place. As John Taysom, Senior ALI fellow at Harvard University, reminded all in attendance; ‘Big Data is a Euphemism for data about you.’ With this in mind, we are reminded that it has now become cheaper to store data permanently rather than to actually find personal data and delete it. With potential fines of up to 4% of global revenue if companies disregard data privacy and are found to have negligently lost person data on EU citizens in GDPR, solutions are needed.

Silicon Valley companies realised early on that data is the new capital and in response cornered the market in a relatively short period of time. With this in mind the EU is fighting back and could create a serious challenge to the current data ‘land grab’. They state that no data is allowed to leave the EU and be targeted by third parties without consent. It is in light of this that data management now requires a change of culture and mindset; companies who hold personal data may be liable to huge fines should the regulators deem companies are complicit in abusing the personal information.

One of the main themes of the day considered how the individual can leverage their data value when their data is only valuable when compared with a significant volume of data. ARM’s Ian Ferguson shed light on the fact that personal data is owned by the individual and needs to be shared only with their consent, meanwhile the Industry needs to gain trust and secure the data. Highlighting the fact that hackers will find a backdoor and that Data leaks are a problem, Ferguson went on to reiterate that the industry needs to earn the right to hold your data and should lose that right if they cannot secure it. Amit Pau from Ariadne Capital sees opportunity in data privacy and a change of world order. Millennials are deemed much more savvy and able to recognise that they, the consumer, are in control of their personal data. If they get value from apps then they will expect companies to exploit that.

Steve Wood, head of Policy Delivery at the ICO, presented the facts, that fines represent a significant increase on the previous maximum fine of £500K.  Data controllers need to demonstrate how they comply with the law and an implementation plan for data Privacy. With this in mind, the event illustrated the fact that legislation is catching up with the market for data and it is trying to readdress the balance of exploitation for benefit or the protection of the European public. We should hope that in a post Brexit world the data of British citizens is equally looked after.
By Jason Phelps