Scroll to top

Data & More | Compliance


Automated Data Compliance

We delete illegal data

GDPR, CCPA and PIPEDA makes it illegal for organisations to keep any personal data that you cannot document legitimate interest in. The D&M GDPR, CCPA and PIPEDA Toolbox gives end-users an overview of potential unlawful data. It provides a simple interface to remove unwanted data from email, file share, teams SharePoint, and other data repositories.

You can define specific data polices and rules how to handle the non-compliant data and identify key documents types (e.g. salary slips, job application, travel documents) that you handle in your organization.  

You can monitor your level of compliance across your data sources like mails, attachments, file shares, laptops, SharePoint, Intranet and any other data that can be connected to the Toolbox.

There is no need to ask your employees to go through many years of collected documents, mails and attachments. The toolbox can handle the job without interfering the daily routines of your employees, much more efficient and with better results.  And the toolbox will continue to monitor the data to keep you compliant.

The toolbox can even move or delete non-compliant mails and documents from eg. Office365

Simply connect your data directly from the interface, let the toolbox do a quick analysis, and you get a first view of how much personal data you have, where it is located and the risk of being non-compliant.

You can easily set up data policies and document rules and instantly follow the level of data compliance across the organisation and all profiled data as the toolbox continuous to keep an eye on the data.

Insight

Dashboard

How compliant are we? What departments work in a non-compliant way? What data policies are not being followed? Where is the sensitive data located?

Recognition

Automatic

By utilizing combinations of taxonomies, regEx and Natural Language processing (NLP) and any client specific inputs, the toolbox identifies sensitive and personal data

Speed

High Performance

One thing is finding the needles in the haystack - the other thing is how fast it takes. You decide the speed. It is just a matter of hardware.

Resources

Time for coffee

Our concept is automation - whenever possible. And minimal involvement. So don't expect a need for new colleges.

By utilizing a combination of taxonomies, regEx and Natural Language processing (NLP) our profiler can identify a wide variety of texts. Including all of the GDPR category 9 expressions such as health terms, financial indications, political and sexual orientation, biometric information empowerment.

Technical info

General information on e.g. amount of data attached and scanned, speed and status

Organizational compliance info

Compliance and risk status for the organisation, business unit and each department with the related policy breaches

Organisation compliance

Overview of compliance on a departemental (or employee) level to help on behavior transformation

Policies not followed

Information on trends and what data policies are not followed

Document compliance

Insight in compliance handling for each document type (e.g. salary slips, job applications, bonus sheets)

Dashboard, overviews and reports

What is our risk status? How compliant are we? Which departments work in a non-compliant way? Which data policies are in risk? Where is our sensitive data located? What are our high risk areas? These questions and many more are answered quickly using our dashboard. 

You can easily even create your own reports, with the content from the toolbox that suits your needs.

What constitutes personal data besides what is stated in GDRP differs from organizations to organization and is often influenced by business segment, culture and context.

Named entity recognition & GDPR article 9 information

By utilizing a combination of taxonomies, regEx and Natural Language processing (NLP), our profiler can identify the content of e.g. mails, attachments and documents. Including all of the GDPR article 9 expressions such as e.g health terms, financial indications, political and sexual orientation and financial information. By combining article 9 expressions with terms that identify data subjects or could lead to identification (PII), the toolbox detects Personal Data.

You can even supplement and customize your definitions of Personal Data to match the way it used  in your organization.

For each source the user can select which dictionaries as well as languages that should be used to analyze the source documents.

Custom taxonomies

We currently have more than one million entries in our taxonomies and are  expanding these when necessary.

The user can also add client specific dictionaries and RegEx and rate the impact of the custom factors with respect to sensitivity and to what extent the entry can be used to identify or infer data subjects.

Depending of the clearance the user can have access to the labels or to the labels as well as the label values. E.g. First Name is the label and David is the name.

Labels

When the toolbox is profiling your data, it sets the relevant labels for each document (or data set) that is connected to the toolbox along with a range of other metadata, e.g. document age, creation and modified data and other key points that is relevant for how the data should be classified and handled. All these data can be used to filter, search or be included in a report 

Data sources and file types

Out of the box D&M 2.0 CLOUD can connect to Office 365 including Outlook, OneDrive, OneNote and SharePoint documents stored in OneDrive as well as gDrive including all Google apps document types. D&M 2.0 also provides a RESTful API that can be used for custom reporting

The toolbox supports data sources based on Windows, Linux and MacOS file shares as well as Windows laptops. All the data sources can be mapped to specific departments used as parameters when setting up data policies and included when handling document classes

Document class builder

In order to make the most effective data polices, it is often efficient to identify a number of different document classes that your Data Policies can use. Document classes can be build using Labels and text value. An employment contact might be defined as a document containing the words “Employment contract” OR “Ansættelseskontrakt” and FULL_NAME” AND CPR. This might not identify an actual contract, but a mail with the information for a contract. Never the less both instances should be identified as sensitive personal data. If one would like to “only” identify employment contracts as a document and not mails about contracts, the user would add document Type is .doc in order not to find mails.

Data policy builder

One of the core features of the toolbox, is the unique opportunity to define data policies and monitor the compliance levels directly.

The user can easily set up any number of data policies by using logic operates and wildcards on  e.g. document classes, data source, departments, a specific file folder, data label, document dates and type, data type as well as any GDPR article 9 labels or any custom defined label.

The Toolbox can support the organization on many of the ways the non-compliant data can be handled.

Departments & Users

The toolbox lets you create multiple users and assign the users to different departments to be able to access, manage, and get insight. Each data source, account or folder within a data source can be assigned to a department. By assigning users to departments, you restrict the access of the user to a specific data set. This is very useful if the usage, cleanup and monitoring process is distributed to several departments within the organization.

Non-Complient Data Handling

Organizations have various ways to handle the identified non-compliant data. Some choose on a monthly basis automatically to inform the relevant employees with a list of the non-compliant mails and documents, some organizations have their Toolbox responsible (or DPO) to contact the individuals, while other organizations choose to automatically clean or move the related data to a more secure area. The handling depends on e.g. company culture, risk, severity, compliance maturity and company size. The Toolbox can support the organization on many of the ways the non-compliant data can be handled.

The Toolbox quickly lists all relevant data sets and their location.

Search Across All Data Sources

The Toolbox has extremely powerful search functionality, and can in just a few seconds locate all documents, mails and attachment related to a specific person (data subject) or specific search words and filters. This is done across all profiled sources and departments in the organization. The Toolbox quickly lists all relevant data sets and their location.

D&M 2.0 ON PREMISE also supports Windows, Linux and MacOS file shares as well as Windows laptops.

Types of Installation

The Toolbox can be installed on-premises at the client site, at a hosting partner or be used from a GDPR, CCPA and PIPEDA approved Cloud environment.

Our cloud version can instantly connect to Office 365 including Outlook, OneDrive, OneNote and SharePoint documents stored in OneDrive, as well as gDrive including all Google apps document types. The toolbox also includes a RESTful API that can be used for custom data integration to e.g. a Business Intelligence site

Our on premise also supports Windows, Linux and MacOS file shares as well as Windows laptops.