Scroll to top

© Data & More Aps 2025, all right reserved | Flaesketorvet 68, 1711 Kbh V, Denmark. CVR-nr: 38185659 | Impressum
Search
START TYPING AND PRESS ENTER TO SEARCH

Data & More | We delete illegal data

GDPR, CCPA and PIPEDA makes it illegal for organisations to keep any personal data that you cannot document legitimate interest in. The D&M GDPR, CCPA and PIPEDA Toolbox gives end-users an overview of potential unlawful data. It provides a simple interface to remove unwanted data from email, file share, teams SharePoint, and other data repositories.

You can define specific data polices and rules how to handle the non-compliant data and identify key documents types (e.g. salary slips, job application, travel documents) that you handle in your organization.  

You can monitor your level of compliance across your data sources like mails, attachments, file shares, laptops, SharePoint, Intranet and any other data that can be connected to the Toolbox.

There is no need to ask your employees to go through many years of collected documents, mails and attachments. The toolbox can handle the job without interfering the daily routines of your employees, much more efficient and with better results.  And the toolbox will continue to monitor the data to keep you compliant.

The toolbox can even move or delete non-compliant mails and documents from eg. Office365

Simply connect your data directly from the interface, let the toolbox do a quick analysis, and you get a first view of how much personal data you have, where it is located and the risk of being non-compliant.

You can easily set up data policies and document rules and instantly follow the level of data compliance across the organisation and all profiled data as the toolbox continuous to keep an eye on the data.

This is an AI generated video

Insight

Dashboard

How compliant are we? What departments work in a non-compliant way? What data policies are not being followed? Where is the sensitive data located?

Recognition

Automatic

By utilizing combinations of taxonomies, regEx and Natural Language processing (NLP) and any client specific inputs, the toolbox identifies sensitive and personal data

Speed

High Performance

One thing is finding the needles in the haystack - the other thing is how fast it takes. You decide the speed. It is just a matter of hardware.

Resources

Time for coffee

Our concept is automation - whenever possible. And minimal involvement. So don't expect a need for new colleges.

Get a free Privacy & Security review and identify your Data Privacy Risk Premium

  1. What volume and percentage of documents in the organization contain personal data that may be non-compliant with GDPR?
  2. What types of personal sensitive data are most commonly found across the organization’s unstructured data?
  3. How old is the non-compliant personal data retained by the organization?
  4. Which user accounts or departments hold the largest share of privacy risk?
  5. Is the volume of non-compliant data in the organization increasing over time?
  6. What is the average number of non-compliant documents per user account?
  7. How does the organization’s compliance rate compare to industry benchmarks?
  8. What are the trends in data production versus the creation of privacy-risk data?
  9. How many unique individuals (data subjects) are exposed through retained data?
  10. Which documents in the organization affect the highest number of data subjects?
  11. How much personal sensitive data has been shared via email or external channels?
  12. What are the most common categories of documents containing personal data?
  13. Which types of GDPR-sensitive data (e.g., health, political, union) are detected?
  14. What is the estimated annual financial risk due to privacy non-compliance?
  15. What criteria define non-compliant personal data within the organization?
  16. What types of documents pose significant IT security risks to the organization?
  17. Which file types most often contain privacy or security-sensitive data?
  18. How is security-sensitive information distributed across users or departments?
  19. What techniques and tools are used to identify and classify risky data?
  20. How do the organization’s data management practices affect operational, financial, and reputational risk?

Cases

Cleanup with minimal involvement of the organization

An organization faced a critical challenge: cleaning up non-compliant emails and documents with minimum employee impact. Moreover, they required a continuous monitoring and cleanup process to ensure that all new and existing mails and documents complied with their stringent business compliance regulations.

Data & More configured their solution to these needs. Initially, the system conducted an extensive scan of all pertinent data. Following this initial cleanup, the solution made daily scans to monitor new and modified data. This process was governed by the client’s specific rules for handling non-compliant data. As a result, employees were either promptly notified about their data’s compliance status or, following the firm’s compliance mandates, non-compliant data was immediately deleted without involving the employee. This dual approach ensured proactive compliance management and increased employee awareness, seamlessly aligning the firm’s operations with its compliance standards.

Analysis of data breach data on the dark web

A ransomware attack followed by a data leak from an airline industry ended up on the dark web (websites that exist on an encrypted network and cannot be found using traditional search engines), where personal and sensitive data about the airline customers could be bought and mis-used.

Data & More scanned the dark web to identify and very accurately determine who and what information about their customers was leaked. This saved the company money that would have been spent on consultants doing tedious work struggling with the manual task of reading the content. The task was carried out quickly enabling the company to communicate effectively to the relevant customers.

Lack of custodian mapping (responsibilities) on file shares

A leading Danish organization faced a cleanup task in its file drives. Over the years, these drives had become cluttered with millions of files from current and former employees stored across the company’s servers. Furthermore, there was an issue due to the absence of formalized ownership and clear protocols for storing these unstructured data, resulting in essential business data being scattered in various locations and often being forgotten.

In collaboration with the company’s Data Protection Officer (DPO), Data & More launched a comprehensive scan of all the stored content. This meticulous process was not only aimed at inventorying the content and classifying the data involved but also at assessing compliance with GDPR regulations to determine if specific files needed to be deleted. Utilizing the custodian mapping feature in the solution, Data & More and the DPO successfully established a new custodian framework for managing file drive ownership while deleting irrelevant data. This initiative was pivotal in not just cleaning up the existing data but also being able to be in control of any new data. Consequently, the client was not only able to streamline their data storage but also prevent future accumulation of unregulated files.

Accumulation of very sensitive citizen information in a municipality

Throughout the years, the municipality’s reliance on emails when handling cases involving citizens and having in-house email dialogues with colleagues about these cases, resulted in an accumulation of personal information that was neither archived nor managed in compliance with regulations such as the GDPR. This led over many years to a massive build-up of personal and very sensitive data not being handled or deleted according to regulations,

Data & More responded to this challenge by deploying their solution in alignment with the municipality’s IT security team’s requirements. This implementation involved a scanning of all the municipality’s emails. Data & More spearheaded a streamlined process, enabling employees to effortlessly access a summary of their non-compliant emails even dating years back. This initiative empowered them to efficiently address and solve any issues, ensuring better compliance and data management practices.

Getting the attention and support of top management

Larger organizations in the EU must have a Data Processing Officer (DPO) who focuses on data compliance regulation (e.g. GDPR in the EU). One thing is having the title and the role – a completely different thing is getting the needed support and budget to make changes and start complying with the regulations. Many DPOs are frustrated with not having the means to carry out what is expected in their role.

Data & More has helped DPOs by conducting an automatic fact-based scanning of a selected amount of e.g. email accounts or files as one of their services. The scanning gives the DPO a well-documented and fact-based insight into the organization’s compliance with rules for data clean-up and can be used by the DPO to get the management attention and support needed for the journey that will lead to compliance.

Data Breach Analysis

A significant and urgent data breach impacting numerous file servers for a company created a business critical and urgent need for a swift and effective resolution. The company faced a daunting challenge due to the extensive years of accumulated data not knowing exactly what kind of data was in the breach.

To address this, Data & More was promptly engaged. Within 12 hours, a robust setup was established, giving Data & More’s solution access to the compromised servers and the breached data. This setup enabled an efficient and comprehensive scan of the data repositories. As a result of this thorough scanning process, it was possible to precisely identify the data affected by the breach, including the crucial determination of whether any personal or sensitive information had been compromised.

Screenshot of the Data Miminization Manager

By utilizing a combination of taxonomies, regEx and Natural Language processing (NLP) our profiler can identify a wide variety of texts. Including all of the GDPR category 9 expressions such as health terms, financial indications, political and sexual orientation, biometric information empowerment.

Dashboard, overviews and reports

What is our risk status? How compliant are we? Which departments work in a non-compliant way? Which data policies are in risk? Where is our sensitive data located? What are our high risk areas? These questions and many more are answered quickly using our dashboard. 

You can easily even create your own reports, with the content from the toolbox that suits your needs.

What constitutes personal data besides what is stated in GDRP differs from organizations to organization and is often influenced by business segment, culture and context.

Named entity recognition & GDPR article 9 information

By utilizing a combination of taxonomies, regEx and Natural Language processing (NLP), our profiler can identify the content of e.g. mails, attachments and documents. Including all of the GDPR article 9 expressions such as e.g health terms, financial indications, political and sexual orientation and financial information. By combining article 9 expressions with terms that identify data subjects or could lead to identification (PII), the toolbox detects Personal Data.

You can even supplement and customize your definitions of Personal Data to match the way it used  in your organization.

For each source the user can select which dictionaries as well as languages that should be used to analyze the source documents.

Custom taxonomies

We currently have more than one million entries in our taxonomies and are  expanding these when necessary.

The user can also add client specific dictionaries and RegEx and rate the impact of the custom factors with respect to sensitivity and to what extent the entry can be used to identify or infer data subjects.

Depending of the clearance the user can have access to the labels or to the labels as well as the label values. E.g. First Name is the label and David is the name.

Labels

When the toolbox is profiling your data, it sets the relevant labels for each document (or data set) that is connected to the toolbox along with a range of other metadata, e.g. d
ocument age, creation and modified data and other key points that is relevant for how the data should be classified and handled. All these data can be used to filter, search or be included in a report 

Data sources and file types

Out of the box D&M 2.0 CLOUD can connect to Office 365 including Outlook, OneDrive, OneNote and SharePoint documents stored in OneDrive as well as gDrive including all Google apps document types. D&M 2.0 also provides a RESTful API that can be used for custom reporting

The toolbox supports data sources based on Windows, Linux and MacOS file shares as well as Windows laptops. All the data sources can be mapped to specific departments used as parameters when setting up data policies and included when handling document classes

Document class builder

In order to make the most effective data polices, it is often efficient to identify a number of different document classes that your Data Policies can use. Document classes can be build using Labels and text value. An employment contact might be defined as a document containing the words “Employment contract” OR “Ansættelseskontrakt” and FULL_NAME” AND CPR. This might not identify an actual contract, but a mail with the information for a contract. Never the less both instances should be identified as sensitive personal data. If one would like to “only” identify employment contracts as a document and not mails about contracts, the user would add document Type is .doc in order not to find mails.

Data policy builder

One of the core features of the toolbox, is the unique opportunity to define data policies and monitor the compliance levels directly.

The user can easily set up any number of data policies by using logic operates and wildcards on  e.g. document classes, data source, departments, a specific file folder, data label, document dates and type, data type as well as any GDPR article 9 labels or any custom defined label.

The Toolbox can support the organization on many of the ways the non-compliant data can be handled.

Non-Complient Data Handling

Organizations have various ways to handle the identified non-compliant data. Some choose on a monthly basis automatically to inform the relevant employees with a list of the non-compliant mails and documents, some organizations have their Toolbox responsible (or DPO) to contact the individuals, while other organizations choose to automatically clean or move the related data to a more secure area. The handling depends on e.g. company culture, risk, severity, compliance maturity and company size. The Toolbox can support the organization on many of the ways the non-compliant data can be handled.

Departments & Users

The toolbox lets you create multiple users and assign the users to different departments to be able to access, manage, and get insight. Each data source, account or folder within a data source can be assigned to a department. By assigning users to departments, you restrict the access of the user to a specific data set. This is very useful if the usage, cleanup and monitoring process is distributed to several departments within the organization.

The Toolbox quickly lists all relevant data sets and their location.

Search Across All Data Sources

The Toolbox has extremely powerful search functionality, and can in just a few seconds locate all documents, mails and attachment related to a specific person (data subject) or specific search words and filters. This is done across all profiled sources and departments in the organization. The Toolbox quickly lists all relevant data sets and their location.

D&M 2.0 ON PREMISE also supports Windows, Linux and MacOS file shares as well as Windows laptops.

Types of Installation

The Toolbox can be installed on-premises at the client site, at a hosting partner or be used from a GDPR, CCPA and PIPEDA approved Cloud environment.

Our cloud version can instantly connect to Office 365 including Outlook, OneDrive, OneNote and SharePoint documents stored in OneDrive, as well as gDrive including all Google apps document types. The toolbox also includes a RESTful API that can be used for custom data integration to e.g. a Business Intelligence site

Our on premise also supports Windows, Linux and MacOS file shares as well as Windows laptops.

Get in touch

Let us meet

Denmark

  • Address:

    Flaesketorvet 68, 1711 Copenhagen

  • Email:

    info@dataandmore.com

  • Phone:

    +45 4290 1070

  • Website:

    dataandmore.com
Canada

  • Address:

    500 - 4th Avenue SW, Calgary, Alberta

  • Email:

    info@dataandmore.com

  • Phone:

    +1 587 966 9070
Germany

  • Address:

    Elbchaussee 438, 22609 Hamburg

  • Email:

    info@dataandmore.com

  • Phone:

    +49 151 6846 3242

Get in touch

Say Hello