CIO Solutions

Harness your data – unlock your assets

Gartner’s 2018 CIO Survey (above) plainly reveals that the job of the CIO is changing. As digitalisation
and innovation put more emphasis on the information rather than the technology in “IT,” the CIO’s role is transforming from delivery executive to business executive. They must now control costs and re- engineer processes to drive revenue and exploit data.

So, how does a CIO transform their organisation to help drive revenue and the exploitation of data whilst controlling costs and facilitating these business objectives?

According to The Economist ‘the world’s most valuable resource is no longer oil, but data’. Therefore, the Chief Information Officer should be an organisation’s most valuable asset. However, many are struggling to operate at their full potential. Time and again, strategies are defined and goals are set but the fundamental data question remains –

“I don’t even understand what data I’ve got. Where do I start so I can begin using it?”

By answering this seemingly simple yet complex question, CIO’s are able to advance the objectives of their business, transforming the model whilst supporting the digital agenda.

Often seen as a risk, we want to demonstrate that rather than being something to be concerned about, data can be controlled and turned into an asset.

The Issues With Today’s Solutions

If ‘data is the new oil’, then the ability to use the information we hold about our customers and businesses appropriately and in context is the key to digital transformation and organisational success. In this new world, the ability to remove friction from the customer journey whilst efficiently ensuring the safety and security of the data becomes paramount.

If we assume that to harness and control data we first need to know what we have, we can see that there are a number of approaches currently being deployed to establish a foundation:

  • Clipboard exercises interviewing line management to ascertain where the organisation thinks its data should be and what the data flows should look like. Time intensive, often requiring external consultants and delivering an espoused view as opposed to reality often facets this approach.
  • Tackling structured data with a barrage of queries often yields results but precludes all of the unstructured data both within those structured sources (like CRM systems) and the ‘Wild West’ of shared drives, email platforms, cloud storage systems and ‘servers under a desk in Stoke’.
  • eDiscovery systems can be deployed to try and forensically assess what data is out there. Expensive, restricted and with an inability to respond quickly, these systems only get a partial job done. Our system reduces the size of your data lake, minimising Data Analyst’s effort to complete the task.
  • Data Governance Solutions are utilised to try and control users and their access to, and use of, information. Largely focusing around directories and fileshares but with rules and some AI, these tools do their job but on a limited set of data up to a capped scale with some, but often restricted, insight into what’s going on with the information estate.
  • Data Loss Prevention (DLP) platforms are acquired to get control on the data and how it flows. Expensive, lengthy and with inflexible rule matrices that can often take 2 years to develop and can become obsolete in an instant means that this ‘hard code’ approach to try and tag and bag data to get it under control and understood often falls short of the overall goals.
  • Data Management platforms like Hortonworks provide powerful tools to leverage data and understand it. However, they are often mired in lengthy development cycles and require hard-to- recruit and retain developers and technologists.
  • ‘Traditional’ storage systems such as a SAN allow organisations to easily add data capacity but not to automatically manage or control information based on content and therefore relevance.

Click here to download the PDF version of this guide.

The Smart Alternative

The diagram below provides an architectural overview of the Exonar Information IntelligenceTM platform and how this platform has been harnessed to create a new concept in data management – Search Optimised Smart Storage (SOSS).

Exonar Search Optimised Smart Storage

The verb SOSS means ‘to move gently’. The movement of data, or data control, within an organisation is crucial not only for controlling Total Cost of Ownership (TCO) but also for utilising information as an asset and managing information as a risk.

Search Optimised Smart Storage (SOSS) from Exonar allows intelligent data control policies to be defined through the powerful and flexible search capabilities inherent in the Exonar Platform. SOSS provides the capability to automatically move data to the right location with the right performance and protection based on the data’s content, metadata and importantly, its value and risk. Crucially, SOSS moves data gently enough that it always remains searchable, discoverable and accessible to the right set of people and applications.

SOSS Platform Capabilities

  • Optimising TCO and performance for frequently accessed data through smart storage tiering.
  • Placing verbose or repeated data into Deduplicated and Compressed storage locations.
  • Moving important data to storage locations with DR policies that define data appropriate Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
  • Reducing TCO for orphaned, stale and rarely accessed data by moving from ‘hot’ to ‘warm’ or ‘cold’ storage (e.g. cloud storage).
  • Protect sensitive data by moving it to an encrypted and access restricted storage location.
  • Retention and records management via search based retention policies that control not only where data is kept but how long it is kept for.
  • Enable rapid data production for regulatory production (such as GDPR Subject Access Requests)

But How?

The Exonar platform is uniquely positioned to combine massive scalability, speed and data ingestion from almost any source. It has the ability to interrogate and analyse content rich data in bulk or at the level of an individual item, in near-real time. This is delivered on a clustered and resilient software and hardware platform that can economically scale to a range of customer data requirements and sizes; from around 100,000 up to billions of items. Exonar’s platform provides: integration, coordination and deployment of scalable big-data technology on commodity hardware, the use of Machine Learning and natural language processing techniques to understand and classify information, and the use of indexing and a user-experience layer to provide insight for our clients, with security always top of mind.

The vast amounts of data and variety of usage patterns pose a number of challenges:

Data presentation – users are provided the high level insight they need as well as an ability to zoom in and work with individual documents.
Finding the needle in a haystack – users can easily locate that one document they care most about amongst 10s or 100s of millions of documents in their organisation. This requires a powerful search interface, flexible schema and fast response times. An intelligent platform backed by Machine Learning makes it possible to automate processes which otherwise would require a huge amount of manual processing.
Scalability – the high volume and variety of data and fast rate of growth put Exonar firmly in the Big Data category. As our customers’ data volumes increase, the platform is designed to scale up with the volume.
Evolving requirements – we are able to quickly react to the needs of our customers and pivot when necessary. Using open source components at the core of our platform enables us to take features to market quickly, focus on solving the most pertinent problems and provides clients with the assurance of long term utility should Exonar no longer exist.

Exonar has an open framework that can connect to all of the most frequently used business information systems. Implementation is rapid and the platform delivers results from day one of installation. We employ a layered architecture which takes data from external systems and applies a series of processes to understand and index it, making it available for interrogation by users and other systems. For organisations with more complex environments, custom connectors are created to integrate legacy systems data into this new environment. The platform doesn’t need an analyst to operate it and is accessible by a regular business with a half day of training.
Exonar is provided as a scalable appliance. It is licensed on an annual basis against the amount of data indexed, with sliding scale discounts applying to larger data volumes, and includes all hardware and software support and maintenance as well as product updates.

Leveraging The Exonar Platform

Clients are deploying the Exonar platform to solve a range of business imperatives, such as:

Data Privacy

  • Achieve and maintain compliance with Data Privacy regulation like GDPR, CCPA and POPI
  • Process access requests for personal data in minutes, not days
  • Create a Data Inventory of ALL your data.

Partner Data Indexing

  • Reduce costs in limiting time finding your partner data
  • Index data remotely, improving operational efficiency.

Cloud Bloat

  • Detect cloud data classified as ‘digital litter’ – duplicated, outdated and trivial
  • Organise information to speed up usability, efficiency and governance.

Records Management

  • Assemble practical intelligence on data and file location and sensitivity
  • Drill into specific files of the same subject, regardless of location and format.

Information Security

  • Discover and understand your sensitive information, what it is, where it is and who has access to it to ensure it can be properly and appropriately protected.

Data Lake Filtering

  • Our eDiscovery tool reduces your data lake, minimising human effort.

The Exonar Advantage

Intuitive User Interface

  • You don’t need to be a data scientist or an analyst. Simply connect Exonar to your network and our easy-to-use dashboards enable you to pull charts up and drill to any level of detail.

Intelligent Classification

  • Intelligent Classification automates the process of identifying patterns in documents and categorising them for protection, accessibility or deletion. Categories are defined by anything a user can search for, such as document markings, location, authorship, accessibility or contents.

Massive Scalability

  • Exonar’s ability to search billions of enterprise documents and return not just one but all of the most relevant results swiftly is enormously powerful. Our product can be scaled horizontally and can be installed either on-premise or in the cloud.

Boundless Connectivity

  • Exonar has an open connector framework allowing it to connect to almost any data source.

Near real time performance

  • Exonar’s platform delivers near real time responses to queries so it can be utilised both for single instance and ongoing monitoring of information assets. In addition, users can interrogate information from day one with a single ‘crawler’ ingesting around a million items a day.

Customer Obsessed Culture

  • Exonar’s agile culture sees our development process evolve through iteration, continuous feedback and evolution. We are highly focused and work collaboratively with our customer base to deliver a solution that can enable your digital transformation.

Exonar Background And Experience

The Exonar platform was originally developed for the needs of clients in the Defence sector. The system enabled them to understand their Intellectual Property, assess the ramifications of its loss including the business impact, and to help design improved processes for future protection.

We are an innovative technology company, based in the UK. This year we were selected by one of the UK’s largest retail banks over IBM to meet their initial requirements for ‘life after GDPR day’ and their platform for information management. We were selected by them not just for the unique capability of our technology but to deliver their information insight swiftly, simply and at scale because of our innovative approach and our ability to react to changing customer requirements. As a company, we pride ourselves on being utterly professional whilst maintaining our belief that people don’t want to deal with ‘the Corporate Entity’, they want to deal with real people who they can work with to solve their business problems.

We partner with the ‘big four’ consulting firms and specialist ‘boutique’ partners to deliver projects and ongoing programmes. Our investors include Amadeus Capital Partners and Winton Ventures, two of Europe’s most respected Venture Capital firms.

Where Do I Start?

The answer is to simply start. The task does not have to be approached as a big bang and no elephants need eating. Exonar can help you plan your approach and the benefits are almost immediate – the index that is created is searchable from day one. Every organisation is different with a balance bias between structured and unstructured data, different employee behaviours and different blends of knowledge and process workers but all yield benefit. The business benefits of action are clear, the rewards tangible and attainable. For the first time, discovering your information advantage is simply and easily achievable.

The first step in the process is to get in touch with Marcus Hill who will organise a walk-through of the platform for you and your team. Marcus can be contacted via 07793 857122 or

In return, you could have peace of mind with regards to your GDPR Compliance, PII, Cloud Migration, Information Security and many other of your data challenges.

Click here to download the PDF version of this guide.





Information Security Solutions

CCPA – How Will New Privacy Law Impact Trade With America


CCPA – How Will New Privacy Law Impact Trade With America?

You wait years for data privacy regulations to catch up with current data processing requirements and then, like buses, two arrive at the same time.

Many UK organisations may well feel like they have been hit by a bus, given the dramatic impact that the General Data Protection Regulation (GDPR) has had since its implementation in May. Following closely behind is the California Consumer Privacy Act (CCPA) 2018 (AB 375), passed in June, which will come into force in 2020.

In a nutshell, it’s California’s answer to the GDPR. But don’t be fooled. It may look similar to the GDPR but there are nuances organisations need to understand to comply and stay on the right side of the regulations. Especially as it’s widely accepted that CCPA will set the bar for privacy rules across other US states.

California holds a key role, especially when it comes to trade with the UK. For example, the California Chamber of Commerce notes that the UK is California’s 10th largest export destination, with over $5 billion in exports.


CCPA versus GDPR

What do UK businesses need to be aware of? Well, the overlap between several of the CCPA rights and the GDPR include the right to information and the right of access. But the obvious difference is that that the CCPA rights only apply to persons that reside in California, whereas the GDPR applies to processing of EU citizen data by organisations regardless of whether they are located within the EU or not.

To view an easily searchable text version of the CCPA, click here.


Understanding the Differences

Firstly, let’s take a step back and understand the organisations that each regulation will apply to. GDPR is relatively straight forward; it applied to any organisation holding personal data on EU citizens.

CCPA on the other hand will apply to for-profit organisations that process personal data of Californian residents and either take $24 million in annual revenue, hold the personal data of 50,000 people, households, or devices or take at least half of their revenue in the sale of personal data.

Another of the key differences between GDPR and CCPA is that obtaining consent under California’s law differs from the methods required under the GDPR. In Europe, consumers must opt in and give consent for their data to be stored and used. With CCPA, consumers can opt out of the sale of their personal information.


What does CCPA mean for the rights of the individual?

One of the main aims of the GDPR is to give individuals better visibility and control over their data, and as such it offers better access to data, right to erasure, correction and objection to automated processing. It also includes the right to notification in the event of a data breach.

The CCPA aims to improve the right of access to data being held, and the right to know how personal data is being used and who data has been provided to. It enforces the right to disclosure and objection relating to who data is being sold to and guarantees no discrimination if an individual objects to their data being sold.

The financial penalties also differ between the GDPR and CCPA. Under GDPR, organisations can be fined 4% of global turnover or €20m, whichever is greater. The CCPA imposes penalties of $750 per consumer per incident or actual damages, whichever is greater. As for penalties assessed against businesses, the highest amount is $7,500 per violation, notwithstanding penalties under California’s Unfair Business Practices Act.

For a breakdown of the similarities and differences between the GDPR and CCPA, click here.


Becoming and remaining CCPA compliant

Preparation for CCPA will share many characteristics with actions undertaken for GDPR compliance. Coordination is vital, including executive sponsors and stakeholders from legal, compliance and data privacy teams, people with oversight of technology and its security and representatives from the key personal data owners in an organisation (e.g. HR, sales, marketing, customer service).

The key is starting with data inventory. Prioritise information stores likely to contain personal data and those with poor governance. Be practical and don’t rely on your corporation’s answers to questionnaires for your data inventory, or you will get an idealistic view of your risk (a head of marketing is likely to say the personal data they process is in the marketing system, forgetting that it got there via email and has been exported into spreadsheets, for example).

The aim is to find all relevant data within your organisation. In fact, “identifying what data you hold” was listed as a key step by the UK’s ICO as well as other national authorities in the run up to GDPR. Given how rapidly data is collected, created and stored by organisations, it would be very difficult to find this out manually.

What is correct at the beginning of this year could be wildly different in 6 months’ time, and attempting to complete tasks manually will result in a catalogue of where people think data is held and processed (usually the systems designed to hold the data, like a CRM system) rather than where data is actually held (such as in a spreadsheet extracted from the CRM system to run a regular report).

But the task of creating a data inventory does not need to be arduous, there are tools available that use Big Data and Machine Learning principles as part of an eDiscovery and data mapping process, giving you the ability to rapidly find and categorise data and continue to do so on an on-going basis – ensuring continual compliance for your business rather than just at a single point in time.


Technology to simplify compliance

It’s clear that the tasks above are the first steps in what will be an on-going process. But these steps are crucial for any organisation that wants to get it right first time.

To simplify the compliance process, Exonar’s Privacy Dashboard can provide an easily digestible top-down view of the of all of the information a business holds in relation to the GDPR and the CCPA.

Exonar’s solution achieves this by indexing files in any format from sources like cloud, file shares and mail servers, and locating passwords, customer information, credit card numbers, salaries and company confidential records.

This means all of your data, from databases to documents, is mapped and classified and able to be searched instantly – even with advanced queries. This allows users to find any information held in seconds or create visualisations to help understand data. When you understand your data, it’s easy to make decisions about what data to keep or delete and what needs to be done in order to stay compliant with regulations relevant to your business.

To find out more about the CCPA and Exonar’s solutions, visit


The Great Data Shake Up – GDPR changes at 100 days and counting

The 5 Key GDPR Changes at 100 days and counting

September 2nd marked 100 days since the General Data Protection Regulation (GDPR) came into force. The new rules marked a much-needed update to the UK’s aging 1998 Data Protection Act.

The update had been a long time coming. So what have we learned so far? Here’s five ways that GDPR has shaken up the way we gather, store and process data.

1. Effective data management starts with discovery

With the amount of data collected and stored by organisations large and small, data discovery has played a major role in achieving GDPR compliance.

What’s more, being able to react to changes in user habits and trends, like permanently deleting social media accounts or customer history and interactions, has added complications to data management that must be addressed.

Advances in technology, like Big Data and Machine Learning, have added a level of simplicity to creating a data inventory. When implemented correctly, these principles can be used as part of an eDiscovery and data mapping process with the ability to rapidly find and categorise data and to do so on an on-going basis – ensuring continual compliance for an organisation rather than just at a single point in time.

The added benefit of a digital discovery process is that unknown data is often identified and located. It’s vital that all data is accounted for to ensure compliance. After all, you don’t know what you don’t know.

2. The price of non-compliance

Failure to comply with the GDPR can lead to heavier punishments than ever before. Fines for malpractice have increased from a maximum of £500,000 up to €20 million, or 4% of annual turnover (whichever is higher).

What’s more, individuals can sue a business for compensation to recover both material damage and non-material damage, like distress.

Article 82 of the GDPR states that any person who suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the data controller or processor for the damage suffered.

Therefore, it’s possible that compensation claims could reach huge numbers if a breach occurs on a large scale under the new rules, increasing financial losses as well as consuming vast amounts of time dealing with individual litigation. Just consider the recent British Airways data breach, where BA revealed that 380,000 customer transactions had been compromised. As well as potentially facing an enourmous fine under GDPR, it may be the case that every customer will be eligible for compensation.

3. Dealing with SARs

Subject Access Requests (SARs) are not a new component of the GDPR, they were first introduced under the 1998 DPA. However, GDPR has made several changes to the way that SARs (or a Right of Access as they are known under GDPR) operate which organisations must be aware of.

To begin with, organisations can no longer charge for producing SARs, and they have less time to complete them (one month, instead of 40 days).

Exonar’s own research found that many organisations struggled to meet the deadline for providing answers to FOI requests (FOI requests must be completed within 20 working days), highlighting the difficulty that many will face complying with requests under the new GDPR requirements.

The time taken by public sector organisations to respond to an FOI varied from one day to 159 days. On average it took 24 days, with the NHS averaging 27, emergency services 21, central government 22 and local government 23 days.

In another survey Exonar carried out before GDPR came into force, 57% of individuals said they would want to request their data as there is now no cost. This means organisations need to ensure they are prepared for a significant increase in the number of requests they handle.

They also need to ensure they are giving users the data they are expecting. For example, Spotify users recently noticed that although they have access to data download tools, to get hold of all of the data held – such as telemetry or A/B testing – a SAR needed to be sent to Spotify’s privacy team.

But the latest technology can help. Platforms are available that can map and understand any information held and create an index which can then be searched in seconds, no matter how much data is held. This greatly reduces the time and cost of managing data and compliance, and in fact it can reduce the cost of processing a SAR to zero.

4. Understand your data

Achieving compliance with the principles of GDPR is an ongoing task, but it becomes a simple one with added benefits once you understand the data you hold and how it’s processed. A completed audit shouldn’t mean you then stand still. Data should be continually reviewed to better organise and refine management processes.

Removing risk, especially if it’s data that has no value, is vital. When you understand your data, it makes it much easier to identify and act on duplicate, obsolete or redundant data and therefore minimise storing and processing costs.

The latest tools are able to search your sensitive information and index files in any format, no matter where the data is held, such as mail servers or the cloud. This means locating and understanding information like passwords, credit card details and confidential records is simple.

5. Beyond GDPR

Although it applies mainly to data processing, the effects of GDPR are far reaching and a successful programme of compliance often brings additional benefits, such as improvements in efficiency and productivity, tighter cyber security and increased customer loyalty and trust.

Of course, in a perfect world, data would already be stored securely and processes would be in place to ensure continued compliance.

But the good news for any businesses concerned about GDPR compliance and surviving the next 100 days is that the tools mentioned above are all available today. And not only will they help you become compliant, but they will ensure you remain compliant and in control of your data.

Adrian Barrett, CEO and founder, Exonar

To find out more about the tools that can help you to discover and understand your data, visit For specific help with SARs, see

Making the Digital Pledge work – ITProPortal

Adrian Barrett, CEO, Exonar

Local Government Minister Rishi Sunak recently launched a ‘digital pledge’ for local authorities and a £7.5 million fund to help them transform their online services. It’s an interesting move and one I hope will unlock innovation as intended.

Local councils are under such pressure to save money that an investment like this could kick start some fresh thinking and new approaches to solving problems that plague budgets. However, signing a declaration to say that your council will apply digital technology to problem solving is one thing, making technology really work hard for you is another.

The Impact of Privacy on the Public Sector

Data Requests Under GDPR to Push Cost to Public Sector Past £30 million

  • Annual costs to complete requests for personal data reach £20.6m for NHS and £7.9m for local government
  • £2.1m gap will emerge as organisations can no longer charge a fee to complete requests
  • Some 30million requests are expected across public and private sector this coming year, which will cost UK PLC £4.5bn

Newbury, UK, 4 July 2018: New research released today shows that public sector organisations face increased financial pressure as a result of the recently implemented General Data Protection Regulation (GDPR), to the tune of £30million per year. The NHS is expected to be hit hardest by the influx in data requests, given that before the introduction it cost the NHS £20.6million per year to retrieve customer data.

The impact of GDPR doesn’t stop there. Further new guidelines ruling that in most cases an organisation must also complete requests free of charge are an extra blow to budgets. This marks a key change from previous guidelines under the 1998 Data Protection Act (DPA), which allowed a processing fee to be charged. As such, a £2.1m gap in income per year is expected to emerge.

The detail behind the numbers:

The figures are the result of an extensive Freedom of Information (FOI) Act request made by Exonar, a leading provider of GDPR data mapping and data inventory solutions, to 458 organisations, including NHS Trusts (206), local government (125), central government (61) and emergency services (66) from across the UK.

The FOIs asked for the number of subject access requests (SARs) received by the organisation in 2014, 2015, and 2016* and the cost of processing each SAR.

On average, a SAR cost £145.46 to process, though some bodies admitted it costs much more, sometimes running as high as £1,800 such was the complexity of finding data and the associated administration. Multiplying the average cost to complete a SAR with the number of SARs received by the respondents in 2016 (209,023), results in a total administration cost to the public sector of £30.4 million.

Each organisation could previously have recouped some of the cost and charged a recommended £10 fee to complete a SAR but under GDPR they will no longer be able to, resulting in a £2.1m deficit that is set to grow wider as more requests are made.

NHS will be hit hardest

The study found that on average each NHS Trust already receives 800 requests per year. Multiplying this by the average cost of processing SARs and then by the 241 Trusts in the UK, the total cost to the NHS of managing SARs stands at £20.6million annually. It’s expected this will only go up as more people become aware of their rights.

In general, the public sector will struggle to meet SAR response deadlines

The GDPR has trimmed the amount of time that organisations have to complete SAR requests from 40 days – as per the 1998 DPA – to one month.

Exonar’s research found that many organisations struggled to meet the deadline for providing answers to its FOI requests (requests must be completed within 20 working days), highlighting the difficulty that many will face complying with requests under the new GDPR requirements.

The time to respond to an FOI varied from one day to 159 days. On average it took 24 days, with the NHS averaging 27, emergency services 21, central government 22 and local government 23 days.

Some Trusts can’t put a figure on the cost of processing a SAR

Some NHS Trusts declined to provide a figure such was the complexity of finding all the data related to a person. One such Trust was Calderdale and Huddersfield NHS Foundation Trust, which though couldn’t provide a figure, highlighted that the costs would include 3 WTE band 2 staff (approx. £16,500 pa each), plus costs such as discs costing £1,044/year, envelopes with an annual cost of £40, and postage costs at £1.48 per patient.

The Trust added that this would be a minimum cost and there are other costs that “cannot be quantified”, such as involvement of management, clinicians, physio and health visitors, finance and even X-ray costs.

Adrian Barrett, CEO and founder of Exonar, said that the variance in time taken to respond demonstrates how complex a task SARs are in the public sector: “The good news is the public sector is taking its responsibility to do a thorough job and find all the data pertaining to a person seriously. However, there’s a heavy process burden, especially when multiple bodies are involved, and the NHS in particular needs an alternative to manpower to trace data if it is to avoid penalties of non-compliance.”

Adrian adds that digital initiatives in the public sector have to be accelerated to relieve the burden on the public purse: “Our estimates on the costs of managing SARs is probably conservative but we do expect an immediate bow wave in response to all the GDPR emails we saw in May and June.

“Because the public now knows about the GDPR they are more likely to raise more SARs, and if there is a sudden wave of requests the public sector will be stretched further. It’s clear that the government needs to take advantage of new technology, particularly artificial intelligence, to help the public sector become more efficient with handling, organising and retrieving its data.”

Local government also hit hard to tune of £7.9million

For local government the cost of managing a SAR stands at £596. With each council receiving around 138 SARs annually, the 418 local government bodies across the UK could expect to see total costs of £7.9million/ year. This number is expected to rise given that between 2014 and 2016 the number of SARs jumped from 15,173 to 17,274.

It’s estimated by Exonar that an average SAR will run to thousands of pages as complete medical histories and the like are produced. It’s a reflection of the situation in the private sector, where a bank provided 2 boxes of paper for a single customer who had banked with them for 25 years.**

Barrett says the total number of SARs could cost UK PLC billions: “We expect 30 million requests to be made this year to private businesses of all sizes and the public sector. If we assume the cost to process a SAR is the same in public and private sectors, then the cost to UK PLC stands at £4.5bn. That’s an extraordinary sum to set against admin that has no value to a company.”

A copy of the full report, which details all the findings and compares NHS, Emergency services, local and central government can be requested here.

Notes to editors
*complete data for 2017 was not available
** A limited scope SAR submitted to a high street bank that a customer had been with for over 20 years generated over 800 sheets paper, enough to fill two DHL boxes. An image showing the results is here.
Additional research related to how the public will react to their new-found data rights is here. It highlights that 57% of UK adults would raise a SAR on companies and public sector organisations once GDPR was explained to them.

About the research
458 public sector organisations responded to FOI requests between September and November 2017. The FOI asked for number of SARs received between 2014-2016 and the cost to complete a SAR. 206 NHS Trusts, 125 local government, 61 central government and 66 emergency services from across the UK completed the request.
Numbers have been calculated by averaging the figures provided by the different sectors to provide sector comparisons in particular for the NHS and local government. There are 418 local government bodies, and 241 NHS Trusts.

About Exonar
Exonar solves a problem common to all organisations and their senior information owners, “I just don’t know what I’ve got”. Exonar finds and fixes an organisations’ information, from databases to documents – instantly and at scale. We use machine learning to understand what’s important, where it is and who has access to it.
Exonar identifies documents containing passwords, customer and confidential information enabling successful governance, risk management, document retention, cyber security and compliance with forthcoming regulations such as GDPR – with ease.
We enable organisations to better organise their information, removing risk and making it more productive and secure. Visit us at or follow us @Exonar.


Can you handle the Sauce Ex Challenge? Infosecurity Europe

5 Questions – 5 Crackers – 5 Litres of HOT SAUCE!

See us on stand R145, Infosecurity Europe 2018 – Olympia, London, 5-7 June 2018

Choose either Ghost GDPepR ‘Sauce Ex’ (1m scovilles) or ‘Regret’ (12m scovilles) and test your GDPR knowledge in the hottest competition at Infosecurity Europe, 2018.

GDPR is ‘the’ hot topic so we thought we’d spice things up and test your knowledge of the new legislation… whilst tasting some of the hottest chilli sauce available to liven it up!

Come and visit Exonar on Stand R145. If you’re clued up enough on the hotspots of GDPR, you’ll get a chance to enjoy our hot new release. No, not a new Exonar platform feature – our very own Sauce EX.

We like our spice down in Newbury – or ‘Silicon Canal’ as we like to call it – and Sauce EX is our homage to the superlatives of the Scoville Scale and the devilry of data management. A fiery, wickedly delicious and limited edition creation made from ultra-lively habanero and ghost chillies, it’s available exclusively and only to Infosecurity Europe visitors. Answer all five questions correctly in the fastest time without reaching for the milk and you’ll win your own 5 litre bottle of Sauce EX that’ll add some serious extra heat to your BBQs this summer.

So, if you think you’ve got the ‘fright’ stuff, pop down to Stand R145 and take your taste buds on an adventure they won’t forget. Remember: you can’t delegate this one to the DPO – they’ve already got some hot stuff on their plate.

Exonar CEO, Adrian Barrett and Business Development Director, Sean Campbell took the challenge without the need for any milk!

For further information, please contact:


Infosecurity Europe 2018 – Olympia, London, 5-7 June 2018

See us on stand R145

Find & Fix your data: GDPR compliance and data management just got easier with updates to Exonar’s innovative Information IntelligenceTM platform

Exonar solves GDPR data mapping, data subject rights, and information security challenges – and now adds three new solution areas to make the DPO’s life easier

Olympia, London, 5 June 2018: UK data discovery specialists Exonar Ltd today unveiled powerful new updates to help organisations find and fix the data that they hold, whilst complying with new regulations such as the General Data Protection Regulation. The Exonar platform delivers the most comprehensive search capability to identify and understand all types of sensitive information. Providing instant search results across all information from databases, documents, email and file shares – from global dashboards right down to document level the powerful platform is a must for data discovery and ongoing management.

Whether stored in the cloud, on mail servers, in databases or in file sharing systems, personal data can rapidly become a liability, vulnerable to exploitation by hackers, criminals or other unauthorised third parties. From customer contact and private employee information to financial data, passwords, encryption keys and other confidential records, Exonar discovers and remediates the unstructured ‘digital litter’ scattered around your networks and devices.

So what’s new for Infosecurity Europe?


  • Auto classification: by understanding the content and intent of documents the Exonar platform is able to find and, using machine learning, automatically categorise groups of same or similar documents to enable rapid implementation of discovery, GDPR rights, document retention and information security policies.
  • OCR: Exonar adds optical character recognition to read any text stored in document scans, individual images, those embedded in documents or attached to an email enabling organisations with scanned document stores to bring these into their GDPR and data management strategies.
  • API: the new application programming interface allows easy third party integration with the Exonar platform automating discovery capabilities for a wide range of business processes and applications such as SIEM and DLP to augment these solutions with near-real time, Information IntelligenceTM. This non rules based approach makes DLP systems usable in the changing world of information governance.

With an easy-to-use dashboard, Exonar simplifies data discovery and management across four key areas of business operation:

  • GDPR: enables quick and pain-free discovery, mapping and remediation of personal data inventories under the new regulation.
  • Data Subject Rights: case management module enables fast and cost-effective handling and monitoring of data subject rights that form the core of the GDPR – providing an automated and efficient solution to the anticipated high volumes of data subject rights requests.
  • Information Security: plug into file shares, shared drives, mail servers, databases and cloud storage systems to provide the widest view of unstructured data so organisations can find and understand that data – and then protect it.
  • Cloud Governance: enables organisations to cleanse, migrate, monitor and control cloud storage for secure, simplified and risk-optimised access to the information they need.

Adrian Barrett, CEO and founder of Exonar, said:

“An exponential increase in data volume means organisations must find new ways to understand the risk as well as the opportunities in their data. Organisations who manage and use the data they hold effectively will survive and thrive in this privacy generation.

Our platform provides an instant picture of all the data that you hold, showing you what personal data you have and where it is – all in near real-time. We then enable you to control, change, manage, remediate, harmonise and secure that data in a prompt, cost-effective and compliant way, minimising risk of breach, leak or loss and optimising your relationship with your customer.

We help to bring order to the chaos that unstructured data can create and we’re confident that life with Exonar will also create efficiency and trust for both customers and employees” finished Barrett.

For further information, please contact:



Whose Customer is it Anyway?

Once upon a time customers belonged to Customer Services but things are changing around the board table – Coca Cola recently replaced their Chief Marketing Officer (CMO) with a Chief Growth Officer (CGO) and over the past few years we’ve witnessed a trend of companies substituting the role of Chief Information Officer (CIO) for that of a Chief Customer Officer (CCO).

These changes suggest that it’s no longer enough to have roles focusing solely on managing internal tools or processes – organisations want to make sure that the customer is placed firmly at the heart of the business and in such a way that outcomes relating to customer interactions can be meaningfully measured on a daily basis (not once a year via a satisfaction survey).

So, in an environment where multiple members of the executive team are being compensated on customer metrics, who actually owns the relationship?

Mine, mine, mine!

When it comes to deciding who owns the customer relationship, you could end up with this argument around the table:

The Chief Operating Officer (COO) will tell you that her teams face into the customer and are therefore the guardians of the customer relationship.

The CMO will tell you that by making sure he owns all customer communications, you’ll have access to richer customer analytics and data that will increase customer revenue and satisfaction via improved marketing effectiveness.

The CCO will remind you that she is responsible for growing customer revenue and therefore ultimately owns customers as a segment.

Customer Ownership vs Compliance Responsibility

One thing that not everyone will put their hand up for is the responsibility of customer data compliancy.  It’s entirely possible that in this instance everyone will point at the CIO (assuming that his title hasn’t changed) because he owns the infrastructure where all the data is held and manages the rules around security.  With every member of the business potentially putting customer data into the infrastructure, he’s unlikely to agree that the responsibility is solely his.  And it’s not just a job for the Legal team either.

A Single Data Set = Joint Ownership

Whilst there may be argument on ownership of relationship vs responsibility for compliance, the one area where you will find agreement is the nirvana of a Single Customer View and the General Data Protection Regulation (GDPR) could be your way to move towards it.

A Beneficial Piece of Legislation

We believe the GDPR could be the trigger for organisations to realise incredible business benefits because at it’s heart is the need for robust data management.  Using Big Data and Machine Learning principals to deliver data management and intelligent classification, it’s now possible for an organisation to take control of it’s data assets in a fraction of the time of traditional consulting methods.  This approach enables organisations to create one, secure, trusted dataset with policies enforced on a low-touch / automated basis giving you real-time:

  • Customer insights
  • Control over data usage
  • Opportunities to deliver a great customer experience
  • Ability to make decisions that increase profitability.

Ownership for All

By using GDPR as a means to kick-start a process of complete data management that is designed to drive the business forward, it gives organisations not only the impetus to address forthcoming legislation in a positive manner, but also the opportunity for the entire Board to compete for the crown of being the most customer-centred person in the business – and with access to the right data to prove it.

This is just a snapshot of how we believe taking a proactive data-centric approach to GDPR could benefit your business.  To find out how you could use GDPR to place the customer at the heart of your business, either download our whitepaper here:  or drop us a line at

Getting to Grips with GDPR

Getting to Grips with GDPR

What We’ve Been Reading And Writing This Month

GDPR – companies are ramping up their GDPR budgets
Plus – If you are visiting Infosec, check out our tips for the hot topics
It all starts with Data Discovery
It all starts with Data Discovery
This articles aim is to filter the GDPR noise down to a considered conversation that focuses on what’s important to your business and how you can take the appropriate steps to deliver a positive GDPR outcome.
Pulse Survey: US Companies ramping up GDPR budgets
Pulse Survey: US Companies ramping up GDPR budgets
A recent PwC pulse survey asked C-suite executives from large American multinationals about the state of their plans for Europe’s landmark General Data Protection Regulation (GDPR).
Our Tips for the Hot Topics at Infosec 2017
Our Tips for the Hot Topics at Infosec 2017
We’re exhibiting at Infosec this week and these are the hot topics we are looking forward to hearing about. If you are there, come along and see us on stand S07.
The DPO role: A quick survey
A recent survey by the IAPP asks what are the essential job skills and the appropriate professions of Data Protection Officers under the GDPR.
Get our free GDPR report
Get a free GDPR report
Want to know what your peers are planning for GDPR? Fill out this short survey and we will send you a free GDPR report.
Where Do I Start with General Data Protection Regulation?
This article gives insight into what you need to know about the regulation before you start and provides a simple framework for approaching GDPR.
GDPR Awareness Coalition
GDPR Awareness Coalition
The GDPR Awareness Coalition is a great place to start your GDPR journey, there’s lots of tips, recommendations and shareable infographics to help get that stakeholder buy in.
The utterly unrelated section.15 forgotten tech sounds you just don`t hear any more

The utterly unrelated section.

15 forgotten tech sounds you just don’t hear any more
Wallow in the beeps and buzzes of yesteryear, with these extinct sounds of tech