Yes it is true. You can easily lose huge amount of money, reputation, even the whole business.
Just like Google was already fined (https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc) or even a Portuguese hospital that was fined (https://www.insideprivacy.com/data-privacy/portuguese-hospital-receives-and-contests-400000-e-fine-for-gdpr-infringement/) for GDPR violation.
How can this happen?
If your sensitive data gets misused. Or if you are not able to prove that you do enough to prevent this from potentially happening. To protect the sensitive data, it is way insufficient to create written internal company rules and be „GDPR compliant“. You need to have real control of your sensitive data.
OK, but how? Sensitive data can be anywhere.
Yes, taking this into regard, first, you need to be aware of where your sensitive data are. And no, don’t think they are only in well-protected databases behind 4 firewalls. Ever opened for example a shared folder of a copy scanner where copies and scans of all employees on your floor are automatically saved? You would wonder what you would find. And this is just a drop in an ocean. Or a needle in a haystack.
There are countless documents on servers and user computers that contain sensitive data. Some of them are relevant and should be managed properly. Some of them are not. They are result of some previous activity and are not needed anymore. However, they were not deleted and pose a potential threat of leakage.
And how do you make sure that no sensitive information is sent away per email? Can be in good faith by some user as part of his or her activity.
It is critical to know where sensitive data are, who has access to them. Be it office files, pictures, scans, emails, archives… any file containing text is a potential threat.
OK, but how do you analyze so many files?
Yes, it can be hundreds of thousands of files. And they keep on changing every day. There is no way a human could ever analyze all of them. Fortunately, there are ways how to do it these days with the help of text mining and semantic analytics. First, text content and metadata is extracted from all files all over the network. The unstructured text content is then analyzed by a semantic analysis layer. As a result, the user is given a detailed information what files may potentially contain sensitive data, which of them may be the most critical to be further examined and cleaned. Thus, you get the most important and most critical part of data privacy: control of your sensitive data.
This is also very useful if someone comes in, asks for the complete list of related personal information or asks for the right to be forgotten according to GDPR. What will you do? Run a query from a database? OK, but what about the rest of the data – dwelling on purpose or totally accidentally in files and various documents?
I DON’T WANT any company to be fined or sued for sensitive data misuse or leakage or for GDPR non-compliance. We all have much better areas to spend our money in to make the world a better place. So we decided to do a small contribution to the mankind 🙂 We have been asked by our customers if we could handle this. We took the challenge. And guess what? There you go: we have developed EMARK Mole that will help you get your sensitive data under control.
It is quite easy to be used. We will help you with the initial set-up by means of a PoC. If necessary, we will tweak it to your requirements or you can tweak it yourself as you will get the full text content as well as metadata content from your files into a self-service analytics platform – Qlik. Just run it on your server and get your sensitive data under control.
Check it out: https://emarkmole.com/