The future of privacy compliance

On Tuesday 19 September, Simmons & Simmons are hosting a panel discussion devoted to technology solutions and addressing privacy challenges. The competing challenges and interests of greater regulatory requirements, heightened consumer concerns and greater commercial value of data, make finding new solutions and ways of dealing with data ever more important.

Alex Brown (Partner, ICT) will host and moderate the session and, amongst a technologically distinguished panel, will be Adrian Barrett (Founder and CEO) of Exonar. Canapés and drinks will follow.

Register for your place here.

UK GDPR Preparedness Survey

Exonar’s UK GDPR Preparedness Survey – Key Trends and Challenges

With less than a year until the implementation of the General Data Protection Regulation (GDPR) in May 2018, Exonar surveyed the data protection and wider IT community to gain an understanding of how prepared UK businesses are for the new regulation and what challenges are standing in their way.

Exonar’s goal was to understand the challenges that businesses are facing in the journey to become GDPR compliant. The research has highlighted numerous challenges to becoming compliant. GDPR is the best excuse a company has to identify opportunities to improve the data protection processes that they may already have in place. Approached in the right way it can even provide a competitive edge through forming a better understanding of a customer to tune products and services.

See the full survey results here.


There’s lots to love about GDPR

There’s lots to love about GDPR

What We’ve Been Reading And Writing This Month

GDPR – why it is a good thing for business
Plus – useful articles for tracking your GDPR progress
Manageable Data in Moments - The Upside of GDPR
Manageable Data in Moments – The Upside of GDPR
Over the past six months your LinkedIn feed will have told you that GDPR is coming and that you and your compliance, audit and IT teams have a myriad of actions to meet the forthcoming Regulation. But where’s the upside?
Why GDPR is the kick up the backside your marketing needs
GDPR hits home on 25th May 2018. Lawyers and consultancies are having a field day. Many of their internal counterparts are hyperventilating over the prospect but GDPR can only be a good thing…
Gaining competitive advantages from the GDPR
Gaining competitive advantages from the GDPR
Quite a few articles have already been written about the European Union’s new privacy legislation – the General Data Protection Regulation or GDPR, as it’s known to its friends (although if…
How to turn EU GDPR compliance chores into benefits
When the EU General Data Protection Regulation was announced last year, many business owners immediately panicked at the prospect of eye-watering fines and onerous obligations. But with…
Get our free GDPR report
The European Union’s General Data Protection Regulation is designed to protect individuals’ personal data and facilitate the exchange of information for businesses that operate in the EU….
GDPR: Where do I start? - GDPR.Report
The Exonar guide and simple framework to get started on your GDPR journey
Whose customer is it anyway?
Whose customer is it anyway?
In an environment where multiple members of the executive team are being compensated on customer metrics, who actually owns the relationship?
The totally unrelated section: Retro tech making a comeback
The totally unrelated section: Retro tech making a comeback
Reminiscing over the tech you loved is one thing but is old tech best left to a rose-tinted memory…not for everyone, here are the top 12 retro tech comebacks.

It all starts with Data Discovery

The noise around GDPR is increasing as organisations including Microsoft and Google set out their plans for complying with legislation.  Our aim is to filter that noise down to a considered conversation that focuses on what’s important to your business and how you can take the appropriate steps to deliver a positive GDPR outcome.  The following extract from our whitepaper illustrates how starting with what you know is the first step in the process.

Starting with What You Know

Most organisations have distinct functional areas with distinct processes and tools for holding data on individuals.  A simple table such as the one below provides an overview of the most common business functions, and the types of data they hold.

Once this initial dataset is understood, it becomes important to identify what is personal data and what is not.  This is further broken down into data that could be used to identify an individual, and information that would be classified as sensitive.

With GDPR, these definitions of data have been broadened to reflect the ways in which many organisations now retrieve and store information.

This broadening may result in additional compliance obligations for organisations.  The below provides an illustration of how this change will play out.



A Process of Data Discovery

Of course, starting with what you know only works if you know what data you have.  What GDPR forces business leaders to consider is where every single piece of personal data is across their IT estate – including the Cloud.  Taken in this context, the question of the data that an organisation holds on individuals becomes a complex one to answer, and one that is going to require time, resource and budget.

A thorough approach to data discovery, properly implemented, will lead you to data that you did not know about – offering not only a great start to GDPR compliance but also the opportunity to uncover and resolve data that is ‘hiding’ throughout your network, including company sensitive information, personally identifiable data and duplicated information.

To find out more about our approach to GDPR and how we can help your business use the legislation as an opportunity for business growth through great data management – download our whitepaper here: or get in touch at


Holistic Data for EU GDPR, Dude

Holistic Data for GDPR, Dude

What We’ve been Reading and Writing This Month

GDPR – Myths, Priorities, Toolkits
Plus – Record Breaking Fundraising for Childline
Busting the 5 Big GDPR Myths
Busting the 5 Big GDPR Myths
When a piece of legislation like the GDPR comes along, it makes for a huge amount of noise which can create a lot of confusion. Not everyone has the time or inclination to read the official…
Focus on Five High-Priority Changes to Tackle the EU GDPR
Focus on Five High-Priority Changes to Tackle the EU GDPR
The European General Data Protection Regulation will have a global impact as of 2018. Among the many changes, IT leaders should prioritise efforts where they are most affected. These five high-priority changes help you get up to speed with GDPR requirements.
It's holistic, dude: How to dodge the EU's £17m data...
Sysadmin blog Holistic IT is hard. There are those among us who want to purchase hardware, software, services or so-called turnkey “solutions” – as vendors call them – bearing logos and…
Why Consulting is No Longer Just a Clipboard Exercise
Why Consulting is No Longer Just a Clipboard Exercise
When you engage a consultant to help you with a business issue – what is it that you expect from them? For us, we’d be looking for expertise; strategic insights; challenging thinking….
DPO Toolkit
First, determine whether your organization is required to appoint a DPO under the GDPR. Does the GDPR say you need a DPO? Find out what a DPO looks like, what skills and expertise they…
GDPR – Why It’s About More Than Regulation. Download the White Paper
GDPR – Why It’s About More Than Regulation. Download the White Paper
GDPR is a significant challenge. Concentrating on the Data first can make everything else easier…
Exonar Fundraises with White Hats
Exonar Fundraises with White Hats
A record-breaking £198,000 was raised for Childline at the annual WhiteHat Ball which took place at London’s Lancaster Hotel on Friday 27 January. As more young people are turning to…
Trial Exonar to Understand Your GDPR Data
Trial Exonar to Understand Your GDPR Data
Whether it’s information security, governance, risk or compliance, the Exonar platform can help organisations deal with the growing volumes of unstructured data….

The EU GDPR: How to Know What You Don’t Know

Here’s a little challenge for you: can you list how many departments there are within your business?  How about the number of teams that sit within each department?  If that seems too easy, then how about listing the number of databases held by each team?  And if you really want a stretch, how about taking a guess at the number of data points your business holds on individuals.

It’s likely that everybody would know (or, in the case of a large corporate, could find out) the answers to the first two.  The second two can be almost impossible to manually discover.

Some would argue that it’s easy to find the number of databases within a business but what we have discovered during the course of our work is that many organisations have terabytes of unknown data – something we reflect on in our whitepaper “GDPR – Why It’s About More Than Legislation”.

For this blog post, we’re going to focus on just one element – that of unknown data.

The Data That You Know About

Let’s say an organisation has a team for each of the following functions: HR, Finance, Marketing, Sales, Operations and Customer Service.  Each of these teams is likely to have its own master data source.  It could be as straightforward as an SAP ERP system, each of the teams having a discrete Line of Business app or database, plus the company having an overall infrastructure to provide email and collaboration software.  Every interaction leaves a digital marker, and so every piece of data and its movement can be tracked.

If your organisation only has data that it knows about, then if you are asked by an individual to disclose or delete the information you hold on them as part of the GDPR then you should be fine.  Except that you’ve probably got the following:

Data That You Don’t Know About

What the above example doesn’t include are data repositories that many organisations have, but either don’t think about or don’t know that they exist.  These include, but are not limited to:

  • Decommissioned servers that are still holding data
  • Duplicated databases from campaign activity / mergers / roll-outs of new software
  • Data that has been wilfully misused
  • Data shared with a third party as part of a service-delivery contract
  • Emailed data that has been shared innocently or to avoid corporate process
  • Development servers that are not considered as part of the company’s live data estate


















All of the above instances introduce risk and cost to an organisation.  Risk in that confidential information could be leaked, lost, or accessed by unauthorised persons.  Costs come in the form of data breaches that result in legislation, plus remediation costs to fix the weakness in the network / governance process.

Pinning Down Unknown Data

Whilst you may have unknown data, it won’t take teams of consultants or outrageous cost to locate it within your organisation, and neutralise the risk it poses.  At Exonar, we’ve developed a platform that uses Big Data and Machine Learning to track down, identify and classify data – wherever it might be hiding.  We have helped clients to find and retrieve data containing passwords, personally identifying data points and company sensitive information.  We’ve also helped them to find terabytes of duplicated information.  As part of this process, they’ve reduced cost and avoided risk but what is perhaps more important to them organisationally is that they have flushed out what was previously ‘unknown’.

Better Business as Usual

Organisations that have a firm handle on all of their data assets not only have a more stable platform for managing the customer experience, they also have greater knowledge of their overall business.  At a time when businesses are awash with data, the ability to identify it and make it meaningful has far greater impact beyond GDPR compliance, but it’s a good place to start.

Exonar are experts in helping businesses to uncover unknown data, reducing risk and cost.  To find out how we can help you, get in touch.

Busting the 5 Big GDPR Myths

When a piece of legislation like the GDPR comes along, it makes for a huge amount of noise which can create a lot of confusion.  Not everyone has the time or inclination to read the official ICO documentation or, indeed, the Regulation which can mean that the truth becomes a little clouded.  At Exonar, we’re trusted by organisations to put them on the path to GDPR compliance by putting data management at the heart of their strategy.  Through the course of our work we’ve come across a few myths, so this short blog is here to bust them:

1)     You Have Until 2018 To Be Compliant

In March 2016 the ICO issued guidance on what organisations should be doing to get ready, so if you’ve not already considered how the GDPR will affect your business, you’re actually behind.  If you’re writing contracts today that will be in force during 2018, then those contracts must reflect GDPR legislation.  This includes treatment of data on European individuals and making sure the relevant processes are in place should they wish to see their data, or request for it to be deleted.

2) You Don’t Need to Worry About GDPR If You Only Hold Data on Customers

GDPR applies to information held on any European individual.  If you hold information on employees, prospects, contacts at suppliers, shareholders or customers, GDPR applies to you too.

3) It Doesn’t Apply to Companies Based Outside of the EU

What matters for the GDPR is the data that you hold – not the location of your organisation or data stores.  Even if your company is located outside of the EU, if you’re holding data on European individuals, the GDPR still applies.

4) If Your Databases Are Secure, You Don’t Need to Worry

The big question here is how do you know for certain that your data is secure?  We regularly find that organisations have terabytes of unknown “hidden” data across their networks in the form of decommissioned servers, emailed spreadsheets, development databases and other unexpected places (you can find greater detail on unknown data in our whitepaper).  Unless you can provide proof that you have conducted a detailed audit of the data that you hold on individuals, we would be very wary of assuming compliance.  The unknown data in your business could be what causes you to become unstuck.

5) GDPR Only Applies to Corporates, and Only to Data Controllers

GDPR applies to any organisation with more than 250 employees and places responsibility on both Data Controllers and Data Processors.

New legislation can feel overwhelming, and it can be tempting to leave it in the hands of the legal team, but we believe that our combination of straightforward advice, plus a software platform that reduces the cost and time associated with data management, puts you in control of the GDPR compliance process and gives you confidence that you’ll get it right first time.

To find out more about how Exonar could help you, get in touch.

Why Consulting is No Longer Just a Clipboard Exercise

When you engage a consultant to help you with a business issue – what is it that you expect from them?  For us, we’d be looking for expertise; strategic insights; challenging thinking.  Someone who brings us value that does not yet exist within our business or can offer an alternative view.

What you don’t want a consultant to do is burn time compiling spreadsheets or chasing people for extracts from databases – it’s not only a waste of their skills, it’s an expensive way to undertake this kind of exercise.

At Exonar, we believe in technology enabled consulting where the skills of the consultant are amplified by the fact that they’re focusing on bringing you value, in turn giving you greater value for money.  With the General Data Protection Regulation (GDPR) high on the agenda of many companies (and consulting firms), now is a great time to look at how technology enabled consulting works.

Consulting Approaches to Data Discovery

The Problem with Traditional Methods

A traditional consulting exercise (sometimes referred to as the ‘clipboard method’) requires multiple interviews, collection of data and compiling of reports, all of which takes up considerable amounts of time.  The output of this kind of engagement is only ever as good as the input, what the consultant has been told or can discover, and is only ever the view of a single point in time.  Engagements can become multi-year contracts which fail to keep track with the digital pace at which organisational change takes place.

How Technology Enabled Consulting Helps

By employing digital search techniques, the task of collecting data no longer becomes one that relies on an individual’s ability to search, or to ask the right questions of the right person, at the right time.  Big Data and Machine Learning enable organisations to discover data in an instant, search according to keywords and categorise data in a consistent manner.  The consultant can focus on interpreting results and delivering strategic insights knowing that the source data is accurate and the business can make well-informed decisions, faster.

No More Hidden Data

With terabytes of data on every network, it’s impossible for any one individual to know every data point that they hold.  Acquisitions, duplication, decommissioned servers and even employees leaving the company can lead to data being hidden or lost.  This kind of data could pose a risk to your business either through creating a position of non-compliance, or creating a weakness in your infrastructure that leaves you exposed to hackers or leaks.

Keep Up – Don’t Get Caught Out

With the GDPR placing a heavy responsibility on organisations to ensure they respond to all requests from individuals for information on every piece of data held about them; and specifying that they must have audit trails in place, being able to rapidly identify, classify and structure data is critical.  Given the rate at which organisations capture and use data on individuals, it would be impossible for a person (or a team of people) to keep up.  Specialist consultants will be invaluable in helping you to strategically plan for GDPR, but digital methods are vital for organisations who are serious about compliance.

Investing in the Right Places

At Exonar, we’re serious about helping organisations to achieve GDPR compliance via a technology enabled approach. Our whitepaper will tell you more or simply get in touch to discuss how.

How Machine Learning and Big Data Can Be Harnessed to Achieve GDPR Compliance

Ask anyone with responsibility for corporate compliance, company data or customer information what is keeping them awake at night and the answer is likely to be the EU General Data Protection Regulation (GDPR).

This is a piece of legislation so far-reaching that it will impact every single European individual who has shared their personal data with an organisation, and every single organisation that holds information on European citizens.

The stated objective of GDPR is : “To give citizens back control of their personal data, and to simplify the regulatory environment for business”.

Big Data Sets Require Big Compute Power

The temptation could be to throw as much manpower as you can at the mammoth task of trying to find, classify and organise every data point that you have, but there is a smarter way: using Machine Learning and Big Data.  Here’s why we think it’s the right approach:

Digital Audits = Nowhere to Hide

Within many organisations are terabytes of shadow data held in places including redundant servers, duplicated databases and email servers where customer information has been shared across the business or with third parties.  Digital audits exclude the possibility of data being accidentally missed, or hidden by an employee wishing to cover up a mistake.

Big Data = Rapid Search

How we search today has been shaped by our experience of search engines.  Applying Big Data principles to GDPR compliance means that what would previously have been a manual exercise becomes as simple as using keywords and a browser.

Machine Learning = Intelligent Classification

Machine Learning enables you to define a set of criteria after which it will automatically seek and classify data and continue to do so as data is added – moving you from a ‘point in time’ exercise to an ongoing position of compliance.

Software Driven Discovery Uncovers the Unknown

A manual audit of your business would deliver results that are only as good as what your employees have chosen to disclose.  Software driven discovery removes the risk of human error or cover-up, materially reduces the amount of time and cost that the discovery process takes and produces an easy to understand data map that shows a clear, actionable path to remediating your risks.

Automated Processes = Consistency

Key to GDPR, or any compliance, is consistency.  Automating processes means that you’ll get the right result, every time.

To read more on why we believe that data management is at the heart of GDPR regulation, download our whitepaper here. To speak to us about how we can help you meet GDPR regulation faster and with more accuracy than a standard consulting engagement, get in touch.

Exonar: Getting You Ready for the EU GDPR