Language

🇬🇧English🇩🇰Dansk🇸🇪Svenska🇩🇪Deutsch

Protect the People behind the Data

You can't breach data that isn't there!

Data & More helps organizations delete data that poses privacy or security risks. Enforcing GDPR since May 2018. Protecting data from AI since CoPilot

See how it works

Trusted by 260+ organizations

AC GroupDansk Boldspil-UnionZooBDOSundvikarAsgaardRed CrossDSBVestasNuudayArp-Hansen Hotel GroupBella GroupBusiness DanmarkBornholms Energi & ForsyningBHS LogisticsBehandlings SkolerneKalunborg ForsyningKerebyKommuneKreditVejdirektoratetRemondisStadtwerke WeinheimCej EjendommeDansk ArbejdsgiverforeningDanBoligDansk ErhvervEDCEuropæiske RejseforsikringGuldborgsund ForsyningGF ForsikringGrant ThorntonHalsnæs KommuneKøbenhavns ProfessionshøjskoleLemvigh-MüllerLouis PoulsenAC GroupDansk Boldspil-UnionZooBDOSundvikarAsgaardRed CrossDSBVestasNuudayArp-Hansen Hotel GroupBella GroupBusiness DanmarkBornholms Energi & ForsyningBHS LogisticsBehandlings SkolerneKalunborg ForsyningKerebyKommuneKreditVejdirektoratetRemondisStadtwerke WeinheimCej EjendommeDansk ArbejdsgiverforeningDanBoligDansk ErhvervEDCEuropæiske RejseforsikringGuldborgsund ForsyningGF ForsikringGrant ThorntonHalsnæs KommuneKøbenhavns ProfessionshøjskoleLemvigh-MüllerLouis Poulsen
Munkebjerg HotelKVUCLokalBoligMediqNationalmuseetNellemannNic. Christiansen GruppenNielsen Car GroupPer AarsleffSampensionNyborg KommuneWonderful CopenhagenPressalitByggeriets UddannelserCarlsberg FoundationBell Flavors & FragrancesBuchholz HydraulikDILLINGBPD ImmobilienentwicklungARGOAllied REITBrand InstituteLearnmarkForsyning HelsingørJohn FrandsenMorsø KommuneIndustriens PensionPBKRed Deer Public Libraryr2p GroupTop PartnersNordsternSeasight GroupVilla DubrovnikMunkebjerg HotelKVUCLokalBoligMediqNationalmuseetNellemannNic. Christiansen GruppenNielsen Car GroupPer AarsleffSampensionNyborg KommuneWonderful CopenhagenPressalitByggeriets UddannelserCarlsberg FoundationBell Flavors & FragrancesBuchholz HydraulikDILLINGBPD ImmobilienentwicklungARGOAllied REITBrand InstituteLearnmarkForsyning HelsingørJohn FrandsenMorsø KommuneIndustriens PensionPBKRed Deer Public Libraryr2p GroupTop PartnersNordsternSeasight GroupVilla Dubrovnik

The case for having less data

The new threat model

AI changed the rules

01

Model

Defense moved from network to data.

Neither firewalls nor access controls stop Copilot, Claude, or an MCP-connected agent from reading the file.

02

Speed

Human-speed risks became machine-speed.

An agent pulls millions of records in minutes. The breach is over before the SOC alert fires.

03

Reach

Every AI compounds the exposure.

HR-AI, CRM-AI, Office AI, agentic workflows, all reading the same uncleaned data.

04

Remedy

Deal with it.

Move it to a controlled location, or delete it. No third strategy scales at machine speed.

See implementation

Why have less data

Why GDPR make less data a legal requirement

01

The law

It’s already a legal requirement.

GDPR Article 5 doesn’t just say “protect personal data.” It says you may only keep it for as long as you need it — storage limitation — and you may only collect what you actually need — data minimisation. Holding personal data without a purpose isn’t a grey area. It’s illegal. Less data isn’t a strategy. It’s the rule.

02

DSARs

Every record is a future request.

A Data Subject Access Request requires you to find, compile, and produce every piece of personal data you hold on one person — within a calendar month. Right of Erasure and Right of Rectification work the same way. The smaller your data footprint, the faster, cheaper, and lower-risk every request becomes. A lean archive answers in days. A bloated one misses deadlines and produces wrong answers in court.

03

Breach scope

Less data, smaller breach.

Fines, notification obligations, and reputational damage all scale with what was in the breach when it happened. Article 33 gives you 72 hours to notify the supervisory authority. Article 34 may require you to notify every affected individual. The volume in those notices — and the fine that follows — is set the day before the breach. Verified deletion shrinks that number every day.

Why have less data

Security's case for having less data at risk.

01

Security Documents

Pentests don’t belong in inboxes.

Penetration tests. Network diagrams. Vulnerability reports. Architecture documents. Incident playbooks. Credentials in screenshots. The documents that describe exactly how to attack your environment are sitting in mailboxes, Teams channels, and SharePoint sites — emailed once, shared once, forgotten forever. Every copy is a roadmap waiting for the wrong reader. Security data should be locked down. Most of it isn’t.

02

AI Access

AI wants your source code.

The same Copilot, RAG pipeline, or internal LLM you’re shipping with is also indexing your repositories, design docs, and security review notes. Once that data is in the model’s context, it surfaces to anyone who can ask the right question. AI doesn’t distinguish between code you want it to help with and credentials it should never have seen. The fix isn’t smarter AI — it’s less data in front of it.

03

Access Sprawl

Most people shouldn’t have access. Most do.

Confidential strategy decks, M&A files, HR records, salary data, customer PII. The access lists are far longer than the org chart suggests. Role changes leave permissions behind. Inherited shares come in through acquisitions. “Share with the team” turns into “share with anyone who ever joined the team.” The number of people who can reach restricted data is always higher than anyone thinks. Deletion is the only audit that gets it back to reality.

Introduction to the Privacy & Security Platform

AI-generated overview of the Data & More Privacy & Security Platform

Free assessment

Get a free Privacy & Security review and identify your Data Privacy Risk Premium

  1. 01What volume and percentage of documents in the organization contain personal data that may be non-compliant with GDPR?
  2. 02What types of personal sensitive data are most commonly found across the organization's unstructured data?
  3. 03How old is the non-compliant personal data retained by the organization?
  4. 04Which user accounts or departments hold the largest share of privacy risk?
  5. 05Is the volume of non-compliant data in the organization increasing over time?
  6. 06What is the average number of non-compliant documents per user account?
  7. 07How does the organization's compliance rate compare to industry benchmarks?
  8. 08What are the trends in data production versus the creation of privacy-risk data?
  9. 09How many unique individuals (data subjects) are exposed through retained data?
  10. 10Which documents in the organization affect the highest number of data subjects?
  1. 11How much personal sensitive data has been shared via email or external channels?
  2. 12What are the most common categories of documents containing personal data?
  3. 13Which types of GDPR-sensitive data (e.g., health, political, union) are detected?
  4. 14What is the estimated annual financial risk due to privacy non-compliance?
  5. 15What criteria define non-compliant personal data within the organization?
  6. 16What types of documents pose significant IT security risks to the organization?
  7. 17Which file types most often contain privacy or security-sensitive data?
  8. 18How is security-sensitive information distributed across users or departments?
  9. 19What techniques and tools are used to identify and classify risky data?
  10. 20How do the organization's data management practices affect operational, financial, and reputational risk?
View Sample Report (PDF)

Customers

Real outcomes across regulated sectors

Aviation

Dark Web Data Breach Analysis

A ransomware attack resulted in customer data appearing on the dark web. Data & More scanned encrypted networks to identify and accurately determine leaked personal and sensitive data — saving consultant costs and enabling rapid customer communication.

Enterprise

File Share Custodian Mapping

A leading Danish organization faced cleanup of millions of files across servers from current and former employees without formalized ownership protocols. Data & More conducted comprehensive content scanning, classification, GDPR compliance assessment, and established a new custodian framework for file drive ownership while deleting irrelevant data.

Public Sector

Municipal Sensitive Data Accumulation

A municipality accumulated personal and sensitive citizen information through email case handling without proper archival or GDPR compliance over many years. Data & More deployed a solution enabling employees to access summaries of non-compliant emails dating years back, empowering efficient resolution.

Enterprise

Executive Support for DPO Initiatives

Larger EU organizations require Data Protection Officers for compliance but struggle to obtain support and budget. Data & More helped DPOs through automatic fact-based scanning of email accounts, providing concrete evidence to secure executive backing for privacy initiatives.

Less data. Less risk.

Get a free Privacy & Security review and identify your Data Privacy Risk Premium. Try monitoring 250 mail accounts for free.