Posts

Missed Our Webinar? Watch ‘The Perfect Privacy Programme’ Now

GDPR One Year On: What Does a Perfect Privacy Programme Look Like?
Free Web Conference – Brought to you by Exonar. Your chance to view the recorded webinar.

One year on from the introduction of the EU General Data Protection Regulation (GDPR), join Exonar and experts from the field in discussing ‘What does a perfect privacy programme look like?’

In this web conference we will hear from our panel of experts as they discuss:

  • What are the necessary components of an enterprise-level privacy programme?
  • How do we optimally assign roles and responsibilities within a privacy programme?
  • How can we most effectively create and manage accurate personal data inventory? (Article 30 – Records of Processing Activities)
  • How do we best monitor for GDPR compliance using both manual and technical controls?
  • What is the best way to deliver privacy training to our employees?
  • What are the most effective tools available to satisfy individual rights? I.e. Subject Access Requests (SARs), Right to be Forgotten, data deletion and retention.

In addition to discussion from the field, our panel will also discuss Exonar’s recent findings based on surveys of 100+ organisations and consumers into:

“What’s Next with Personal Data Inventory?” – Exonar have profiled 100+ organisations’ attempts to create personal data inventory. One year on we ask what monitoring and compliance actions they are now planning to take as a result.

“Consumer Attitudes to Subject Access Requests (SARs): A SARvey” – Exonar have surveyed 100+ consumers to assess their sentiment towards data privacy and the ability to exercise their privacy rights.

Host:
John Tsopanis, Data and Privacy Director, Exonar

Panelists:
Ralph O’Brien CIPM, Vice Chair UK Data Protection Forum, Principal Reinbo Consulting
Sophie Payne, Customer Success Lead and Data Scientist, Exonar
Ben Falk, CEO of Yo-Da, Your Data

Run time – 41 minutes.

 

Book a demo or a free trial  to learn more about how the Exonar platform can transform your data.

Meet the Exonar GDPR Dashboard – ‘How To’ Video

Exonar’s GDPR dashboard provides a top-down view of your organisation’s information in relation to the EU GDPR. It enables you to discover all your privacy data, search by server/location, filter by category and geo-location, identify personal data types and so much more. Our dashboard view will take your organisation beyond spreadsheets and interviews, and into the realm of making well informed decisions, rapidly.
Watch our demo video to see the dashboard in action.

 

Book a demo or a free trial  to learn more about how the Exonar platform can transform your data.

CCPA – The Definitive, Easily Searchable Text

In the last 12 months, data privacy has moved from a niche topic to something talked about at almost every corporation’s board meeting.

The EU GDPR, which came into force on May 25th, 2018, covers data held on any EU citizen and enforced new accountability for organizations processing personal data.

With the legislature passing the California Consumer Privacy Act 2018 (AB 375) on June 29th 2018, there are now a similar set of rules governing most organizations holding data on US Citizens.

We’ve now made it easy for you to read the act in full with our easily searchable CCPA text below:

California Consumer Privacy Act

CCPA 2018 Introduction

Section 1

Section 1 This measure shall be known and may be cited as “The California Consumer Privacy Act of 2018.

Section 2

Article A In 1972, California voters amended the California Constuition…
Article B Since California voters approved the right of privacy, the…
Article C At the same time, California is one of the world’s leaders in…
Article D As the role of technology and data in the every daily…
Article E Many businesses collect personal information from…
Article F The unauthorized disclosure of personal information and…
Article G In March 2018, it came to light that tens of millions of people…
Article H People desire privacy and more control over their information.
Article I Therefore, it is the intent of the Legislature to further…
Article I (1) The right of Californians to know what personal information is being collected about them.
Article I (2) The right of Californians to know whether their personal information is sold or disclosed and to whom.
Article I (3) The right of Californians to say no to the sale of personal information.
Article I (4) The right of Californians to access their personal information.
Article I (5) The right of Californians to equal service and price, even if they exercise their privacy rights.

Section 3 – Title 1.81.5 CCPA 2017 added toPart 4 of Division 3 of the Civil Code

Law Section 1798.100 Right to Know What Personal Information is Being Collected.
Law Section 1798.105 Compliance with Right to Say No and Notice Requirements.
Law Section 1798.110 Articles (A), (B), (C), (D).
Law Section 1798.115 Articles (A), (B), (C), (D).
Law Section 1798.120 Articles (A), (B), (C), (D).
Law Section 1798.125 Articles (A), (B).
Law Section 1798.130 Articles (A), (B), (C).
Law Section 1798.135 Articles (A), (B), (C).
Law Section 1798.140 Articles (A), (B), (C), (D), (E)…(Y).
Law Section 1798.145 Articles (A), (B), (C), (D), (E)…(J).
Law Section 1798.150 Articles (A), (B), (C).
Law Section 1798.155 Articles (A), (B), (C), (D).
Law Section 1798.160 Articles (A), (B).
Law Section 1798.175 This title is intended to further the constitutional right…
Law Section 1798.180 This title is a matter of statewide concern and supersedes…
Law Section 1798.185 Articles (A), (B).
Law Section 1798.190 If a series of steps or transactions were component parts…
Law Section 1798.192 Any provision of a contract or agreement of any kind that purports…
Law Section 1798.194 This title shall be liberally construed to effectuate its purposes..
Law Section 1798.196 This title is intended to supplement federal and state law, if permissible…
Law Section 1798.198 Articles (A), (B).

Section 4

Article (A) The provisions of this bill are severable. If any provision of this bill or its application is held invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.

Solve the ICO’s Step 2 ‘Document What Personal Data You Hold’

Solve the ICO’s Step 2
‘Document What Personal Data You Hold’

What We’ve Been Reading And Writing This Month

GDPR Data Discovery
Plus – Become a GDPR Millionaire!
PwC and Exonar bring new data discovery and remediation services to market
PwC and Exonar form alliance to bring new data discovery and remediation services to market Partnership will bring together PwC’s world-leading data discovery knowledge with Exonar’s ground…
Preparing for GDPR has completely changed Lloyds` digital marketing strategy
Two years into preparing for the May 2018 GDPR deadline, Lloyds Banking Group has overhauled its CRM strategy across its major brands to focus on ‘how to’ content rather than product…
How the GDPR will disrupt Google and Facebook
We all know about the Data Protection Act – the rules that govern who gains, keeps and distributes your all-important personal data and how. As headlines of massive data breaches have…
Subject access requests: revised guidance from the ICO -...
The first draft of the Data Protection Bill (DPB) was released on 13 September 2017, following its second reading in the House of Lords. This bill is designed to bring the UK’s data…
Get our free GDPR report
Everything you need to know about the upcoming EU ePrivacy Regulation on the Respect for private life and the protection of personal data in electronic communications and repealing…
Plantatreeforprivacy: the impact of GDPR when privacy regulations change
Millions of UK consumers may submit subject access requests (SARs) to find out what personal information businesses hold on them after the GDPR goes live in May next year, with financial…
We Are Hiring - Marketing Executive - Exonar
Unless you’ve been living under a rock, you’ll have noticed that there are lots of people talking about GDPR – which is a good thing. However, there is lots of nonsense being talked about…
Heineken Pet
The Somewhat Related Section: Become A GDPR Millionaire
Read the original blog by Rowenna here: http://missinfogeek.net/gdprubbish/ If PCI DSS paid off the mortgage, then GDPR looks well on its way to buy the yacht. But how does one go about…

A Headlining Week for Privacy, SARs and Err, Trees

Privacy Has Been Hitting the Headlines

What We’ve Been Reading And Writing This Month

Personal Information and Subject Access Requests
Plus – Saving Trees for Privacy?
IDC Insight - Exonar Probes Depths Where No GDPR Solution Has...
When GDPR goes live, people will be able to submit subject access requests to current and former employers
Apple actively promoting Privacy as a selling point but...
Apple actively promoting Privacy as a selling point but…
At Apple, we build privacy into every product we make, so you can enjoy great experiences that keep your personal information safe and secure.
How the GDPR will disrupt Google and Facebook
…seen in an Apple store in Chicago – Exactly what GDPR should stop
Normally one of the bastions of privacy data, below is a sign that was spotted in an Apple retail outlet in Chicago recently. In essence, it assumes full consent is given for Apple and it’s…
Subject access requests: revised guidance from the ICO -...
At 9.24pm (and one second) on the night of Wednesday 18 December 2013, from the second arrondissement of Paris, I wrote “Hello!” to my first ever Tinder match. Since that day I’ve fired up…
Get our free GDPR report
You have the right to get a copy of the information that is held about you. This is known as a subject access request.
Plantatreeforprivacy: the impact of GDPR when privacy regulations change
Download our report: the impact of GDPR when privacy regulations change
In May next year, the UK’s Data Protection Act will be superseded by the GDPR. The GDPR is designed to give citizens more control of the information organisations hold on them and how that…
We Are Hiring - Marketing Executive - Exonar
SARs can be over 800 Pages long.Where do we start?
I did my own SAR on my own bank. This is it (actually, it’s less than half of the information they hold on me but they filtered the request). Arrived via DHL in 2 huge boxes…
Heineken Pet
The Somewhat Related Section – Planting trees for privacy. Really?
Yes, odd, we know but this 90 second video explains all – we felt bad after the SAR experiment on the left, not just for trees but for the employees that have to generate SARs…

Millions of Brits set to make GDPR personal information requests

Finance, telecoms and even social media in the firing line as customers set to demand a copy of personal information held on them

LONDON, November 1st 2017 – New research released today shows that millions may submit Subject Access Requests (SARs) to find out what personal information businesss hold on them after the General Data Protection Act goes live in May 2018.

The research, conducted by Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, set out to identify what people know about how their privacy rights will change in May 2018. The findings showed that 70% of people have no idea about the changes. However, once GDPR and the term SAR was explained to them, 57% said they would raise a SAR.

The research also considered which sectors will be hit hardest. Financial services topped the charts with a third of people saying they would submit a SAR to their bank and 16% to their credit card provider. This could result in around 21million* current account holders raising a SAR and around a further 8million** credit card holders also asking for information held on them.

Other targets for SARs included mobile network providers (11%), social media companies (16.4%), insurance companies (8%), and loan companies (5%), 8% a utility firm, and 5% a retailer. A further 9% would raise a SAR on a current employer, 4% on an ex-employer.

Julie Evans, COO at Exonar, said companies need to make the most of the time they have before the Information Commissioner’s Office (ICO) starts its consumer publicity campaigns: “Companies often ask us how they can predict how many SARs they will receive. It’s an impossible task as so much of it will come down to consumer awareness.

“At the moment all communication efforts from the ICO are focused on getting companies ready for the GDPR, but come next Spring, we expect the focus to change as they start to inform the general public about the changes. If the ICO succeeds in raising consumer awareness then, as this research shows, the floodgates will open. Businesses really do need to make the most of the remaining months to get their data house in order.”

The research found that people are worried about how their data is managed today: 27% are concerned their data could be sold, and another 27% said they worried about hacking.

As part of the research, it was explained that a SAR could run into hundreds of pages***. Almost a fifth (18%) stated ‘shock’ that a company could hold so much about them and everything they have ever done, with 15% saying that if they held that much information they would want to know exactly what it was and a further 10% went as far as to say they’d want companies to forget about them altogether.

There were also environmental concerns: a third of people (31%) said they thought SARs were a waste of paper and would prefer to receive them in a secure digital format – just over a quarter were surprised a SAR wasn’t digitized anyway. 12% said environmental concerns would put them off doing a SAR.

Evans adds: “Going digital should be at the heart of any GDPR strategy. New technologies like data mapping, big data and machine learning will make it easier for businesses to ensure personally identifiable data is easy to locate and secure. Technology can help everyone in a business to follow best practice and avoid the potentially hefty cost of failing to deal with SARs and comply with the GDPR.

“Aside from the cost, relying on manual processes is too high risk. Going digital will make the process of finding and retrieving information quicker and cheaper, and also lessen the environmental impact of completing a SAR request.”

In order to offset the environmental impact of producing paper-based SARs and to encourage organisations to consider moving towards a digital process, Exonar is asking that for every SAR that is produced in paper a tree is planted or a donation is made to the Woodland Trust.

For more information about the research go to: www.exonar.com/plantatreeforprivacy

 

Notes to editors 

About the research: 1028 adults were surveyed between 6th and 10th October 2017, by Opinion Matters.

* Approx. 21m active current account holders (33% of 65m –  https://assets.publishing.service.gov.uk/media/53c834c640f0b610aa000009/140717_-_PCA_Review_Full_Report.pdf)

** Approx. 8m active credit card holders (16% of 50m –http://uk.creditcards.com/credit-card-news/uk-britain-credit-debit-card-statistics-international.php)

Calculation: 33% of 1028 people questioned said they would submit a SAR to their current account provider, and 16% said they would submit a SAR to their credit card provider, multiplied by the total active current account/credit card holders.

*** People can raise a request today but companies can take as long as 40 days and charge for the service. An Exonar employee asked their bank, with whom they have been a customer for 20 years, for the information they held on them. This picture features all the paper the employee received. It amounts to eight reams of paper.

Millions of Brits to submit SARs when the GDPR goes live

 

Finance, telecoms and even social media in the firing line as customers set to demand a copy of personal information held on them

LONDON, November 1st 2017 – New research released today shows that millions may submit Subject Access Requests (SARs) to find out what personal information businesss hold on them after the General Data Protection Act goes live in May 2018.

The research, conducted by Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, set out to identify what people know about how their privacy rights will change in May 2018. The findings showed that 70% of people have no idea about the changes. However, once GDPR and the term SAR was explained to them, 57% said they would raise a SAR.

The research also considered which sectors will be hit hardest. Financial services topped the charts with a third of people saying they would submit a SAR to their bank and 16% to their credit card provider. This could result in around 21million* current account holders raising a SAR and around a further 8million** credit card holders also asking for information held on them.

Other targets for SARs included mobile network providers (11%), social media companies (16.4%), insurance companies (8%), and loan companies (5%), 8% a utility firm, and 5% a retailer. A further 9% would raise a SAR on a current employer, 4% on an ex-employer.

Julie Evans, COO at Exonar, said companies need to make the most of the time they have before the Information Commissioner’s Office (ICO) starts its consumer publicity campaigns: “Companies often ask us how they can predict how many SARs they will receive. It’s an impossible task as so much of it will come down to consumer awareness.

“At the moment all communication efforts from the ICO are focused on getting companies ready for the GDPR, but come next Spring, we expect the focus to change as they start to inform the general public about the changes. If the ICO succeeds in raising consumer awareness then, as this research shows, the floodgates will open. Businesses really do need to make the most of the remaining months to get their data house in order.”

The research found that people are worried about how their data is managed today: 27% are concerned their data could be sold, and another 27% said they worried about hacking.

As part of the research, it was explained that a SAR could run into hundreds of pages***. Almost a fifth (18%) stated ‘shock’ that a company could hold so much about them and everything they have ever done, with 15% saying that if they held that much information they would want to know exactly what it was and a further 10% went as far as to say they’d want companies to forget about them altogether.

There were also environmental concerns: a third of people (31%) said they thought SARs were a waste of paper and would prefer to receive them in a secure digital format – just over a quarter were surprised a SAR wasn’t digitized anyway. 12% said environmental concerns would put them off doing a SAR.

Evans adds: “Going digital should be at the heart of any GDPR strategy. New technologies like data mapping, big data and machine learning will make it easier for businesses to ensure personally identifiable data is easy to locate and secure. Technology can help everyone in a business to follow best practice and avoid the potentially hefty cost of failing to deal with SARs and comply with the GDPR.

“Aside from the cost, relying on manual processes is too high risk. Going digital will make the process of finding and retrieving information quicker and cheaper, and also lessen the environmental impact of completing a SAR request.”

In order to offset the environmental impact of producing paper-based SARs and to encourage organisations to consider moving towards a digital process, Exonar is asking that for every SAR that is produced in paper a tree is planted or a donation is made to the Woodland Trust.

For more information about the research go to: www.exonar.com/plantatreeforprivacy

 

Notes to editors 

About the research: 1028 adults were surveyed between 6th and 10th October 2017, by Opinion Matters.

* Approx. 21m active current account holders (33% of 65m –  https://assets.publishing.service.gov.uk/media/53c834c640f0b610aa000009/140717_-_PCA_Review_Full_Report.pdf)

** Approx. 8m active credit card holders (16% of 50m –http://uk.creditcards.com/credit-card-news/uk-britain-credit-debit-card-statistics-international.php)

Calculation: 33% of 1028 people questioned said they would submit a SAR to their current account provider, and 16% said they would submit a SAR to their credit card provider, multiplied by the total active current account/credit card holders.

*** People can raise a request today but companies can take as long as 40 days and charge for the service. An Exonar employee asked their bank, with whom they have been a customer for 20 years, for the information they held on them. This picture features all the paper the employee received. It amounts to eight reams of paper.

Seen in Apple in Chicago – Exactly What GDPR Should Stop

Normally one of the bastions of privacy data, below is a sign that was spotted in an Apple retail outlet in Chicago recently. In essence, it assumes full consent is given for Apple and it’s Partners to use privacy data by merely entering the store.

GDPR Article 7 might have something to say about this!

IDC Insight – Exonar Probes Depths Where No GDPR Solution Has Gone Before

Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR

Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017
By: Mark Child, Alex Proskura, Dominic Trott

 

IDC’s Quick Take

At InfoSec 2017 in London, Exonar briefed IDC on its innovative solution to the challenges of content discovery, classification, and management. Its proposition is built on open source technologies and utilizes advanced methodologies to overcome many of the hurdles faced by traditional DLP and eDiscovery solutions. Exonar’s solution enables companies to get to grips not just with GDPR, but with a much broader set of challenges.

Event Highlights

Exonar’s demo focused on its data discovery, management, and compliance solutions, highlighting high- level dashboard views, as well as tools and capabilities for users to drill down and analyze any component of a company’s data assets. The vendor emphasized the importance of developing processes and mechanisms that ensure compliance is achieved by design and business risk is reduced in the long term.

IDC’s Point of View

Modern organizations face numerous challenges in terms of managing their systems and data. The current era of digital transformation and the shift to 3rd platform architectures are driving a need to focus on securing data rather than ensuring a secure perimeter or border; at the same time, the confluence of users and processes with data and systems means the human aspect and use cases are often as important as technology considerations. Data protection efforts are further complicated by the presence of data not only on a variety of devices, including mobile, but also in a variety of forms. Unstructured data, such as data in emails and office documents, presents a particular challenge. Compliance looms over all of this, with frameworks such as the forthcoming EU General Data Protection Regulation (GDPR) compelling organizations to address many of their data management challenges in the face of a hard schedule and concrete deadline.

Significantly for Exonar, the EU is not the only area where data compliance regulatory requirements are evolving. With markets such as China, Russia, and Singapore also setting out stronger guidelines, Exonar has the opportunity to address a much broader market than just its “home” region of Europe.

Exonar’s development arose from addressing specific needs in the defense and aerospace sectors. In trying to resolve its customers’ requirements, the vendor looked at the information assets component and at data loss prevention (DLP) solutions. However, it saw a key obstacle in that the solutions on the market typically could not understand what they were looking at. Contextual understanding was a challenge. Then it looked at ediscovery solutions to overcome these hurdles, but found major problems with scalability — a critical requirement in modern organizations ramping up to billions of files and documents. As a result, the company opted to develop its own solution and did so using a lot of open source components.

The Exonar solution is built on search technology (the appliance version might be described as “Google in a box”), supported by NoSQL, and is able to handle billions of documents. The solution makes use of machine learning (ML) for context identification; it is delivered to clients pre-trained, but it is further trainable; and it takes into account the document metadata, as well as the content.

Exonar’s solution uses natural language processing for contextual awareness; in other words, it not only looks for specific terms but also the language and structure around them. The language and structure tend to be fairly consistent in many document types (NDAs, CVs, purchase orders, etc.). The solution then creates rules around the location of the file and can make files available only to specific groups, such as HR and finance. It may be described as working on a principle of master data aggregation rather than management.

When it comes to deployment, Exonar’s solution is available on premises as an appliance and hosted in the cloud; it can even be consumed as a managed service. A portable version is also available, although, to date, the on-premises version and the MSP offering provide the most robust functionality. And, as the vendor looks to broaden its reach, it is now opening up its APIs to allow other systems to communicate with it. One of the API integrations that may bring significant benefit is the integration of Exonar with existing document management and email solutions, which could help remediate some of the traditional data protection risks.

Who Needs It?

Exonar reports that its customers come from across the market spectrum — finance, local government, travel and transport, law, and telecommunications. Although the largest portion of Exonar’s customer base is in the U.K., the vendor is fielding more and more inbound enquiries from abroad and is in negotiations with partners in the U.S. and in the Nordics to help manage its expansion. Regarding the drivers of adoption, becoming GDPR compliant is, perhaps unsurprisingly, the number-one reason (by a considerable margin) that organizations are seeking out Exonar. However, as important as cybersecurity is, it comes a distant second to making sure companies do not fall foul of privacy regulators. Exonar has published a white paper on data management and getting to grips with GDPR, which is available here.

What Next?

Exonar’s solution addresses many of the challenges around data management — such as discovering hidden data and dealing with data at the speed it is created — and has emerged at a time when the need has never been greater, with GDPR coming into force in less than a year. The volume of inbound enquiries Exonar is receiving from beyond its core market is testament to the current market need for such a solution and points to rapid expansion over the coming months. Beyond compliance, the solution clearly has tremendous potential from a business enablement and efficiency perspective — drivers that should fuel even further expansion.

©2017 IDC #lcCEMA42801817 3

IDC Research Paper on Exonars Capabilities for GDPR compliance

Find your data. Deal with its legitimacy. And put the controls and monitoring in place.

IDC – Exonar Probes Depths Where No GDPR Solution Has Gone Before

Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR

Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017
By: Mark Child, Alex Proskura, Dominic Trott

 

IDC’s Quick Take

At InfoSec 2017 in London, Exonar briefed IDC on its innovative solution to the challenges of content discovery, classification, and management. Its proposition is built on open source technologies and utilizes advanced methodologies to overcome many of the hurdles faced by traditional DLP and eDiscovery solutions. Exonar’s solution enables companies to get to grips not just with GDPR, but with a much broader set of challenges.

Event Highlights

Exonar’s demo focused on its data discovery, management, and compliance solutions, highlighting high- level dashboard views, as well as tools and capabilities for users to drill down and analyze any component of a company’s data assets. The vendor emphasized the importance of developing processes and mechanisms that ensure compliance is achieved by design and business risk is reduced in the long term.

IDC’s Point of View

Modern organizations face numerous challenges in terms of managing their systems and data. The current era of digital transformation and the shift to 3rd platform architectures are driving a need to focus on securing data rather than ensuring a secure perimeter or border; at the same time, the confluence of users and processes with data and systems means the human aspect and use cases are often as important as technology considerations. Data protection efforts are further complicated by the presence of data not only on a variety of devices, including mobile, but also in a variety of forms. Unstructured data, such as data in emails and office documents, presents a particular challenge. Compliance looms over all of this, with frameworks such as the forthcoming EU General Data Protection Regulation (GDPR) compelling organizations to address many of their data management challenges in the face of a hard schedule and concrete deadline.

Significantly for Exonar, the EU is not the only area where data compliance regulatory requirements are evolving. With markets such as China, Russia, and Singapore also setting out stronger guidelines, Exonar has the opportunity to address a much broader market than just its “home” region of Europe.

Exonar’s development arose from addressing specific needs in the defense and aerospace sectors. In trying to resolve its customers’ requirements, the vendor looked at the information assets component and at data loss prevention (DLP) solutions. However, it saw a key obstacle in that the solutions on the market typically could not understand what they were looking at. Contextual understanding was a challenge. Then it looked at ediscovery solutions to overcome these hurdles, but found major problems with scalability — a critical requirement in modern organizations ramping up to billions of files and documents. As a result, the company opted to develop its own solution and did so using a lot of open source components.

The Exonar solution is built on search technology (the appliance version might be described as “Google in a box”), supported by NoSQL, and is able to handle billions of documents. The solution makes use of machine learning (ML) for context identification; it is delivered to clients pre-trained, but it is further trainable; and it takes into account the document metadata, as well as the content.

Exonar’s solution uses natural language processing for contextual awareness; in other words, it not only looks for specific terms but also the language and structure around them. The language and structure tend to be fairly consistent in many document types (NDAs, CVs, purchase orders, etc.). The solution then creates rules around the location of the file and can make files available only to specific groups, such as HR and finance. It may be described as working on a principle of master data aggregation rather than management.

When it comes to deployment, Exonar’s solution is available on premises as an appliance and hosted in the cloud; it can even be consumed as a managed service. A portable version is also available, although, to date, the on-premises version and the MSP offering provide the most robust functionality. And, as the vendor looks to broaden its reach, it is now opening up its APIs to allow other systems to communicate with it. One of the API integrations that may bring significant benefit is the integration of Exonar with existing document management and email solutions, which could help remediate some of the traditional data protection risks.

Who Needs It?

Exonar reports that its customers come from across the market spectrum — finance, local government, travel and transport, law, and telecommunications. Although the largest portion of Exonar’s customer base is in the U.K., the vendor is fielding more and more inbound enquiries from abroad and is in negotiations with partners in the U.S. and in the Nordics to help manage its expansion. Regarding the drivers of adoption, becoming GDPR compliant is, perhaps unsurprisingly, the number-one reason (by a considerable margin) that organizations are seeking out Exonar. However, as important as cybersecurity is, it comes a distant second to making sure companies do not fall foul of privacy regulators. Exonar has published a white paper on data management and getting to grips with GDPR, which is available here.

What Next?

Exonar’s solution addresses many of the challenges around data management — such as discovering hidden data and dealing with data at the speed it is created — and has emerged at a time when the need has never been greater, with GDPR coming into force in less than a year. The volume of inbound enquiries Exonar is receiving from beyond its core market is testament to the current market need for such a solution and points to rapid expansion over the coming months. Beyond compliance, the solution clearly has tremendous potential from a business enablement and efficiency perspective — drivers that should fuel even further expansion.

©2017 IDC #lcCEMA42801817 3

IDC Research Paper on Exonars Capabilities for GDPR compliance

Find your data. Deal with its legitimacy. And put the controls and monitoring in place.