This client based in mainland Europe has a global client base and receives a high volume of data on a daily basis via email. The sensitive nature of their work means that data security is vital, and whilst they were fully compliant under the relevant regulations, ahead of the GDPR they still wanted an extra layer of security.
The client required a security assessment to audit the risk profile of the current data estate, and ongoing reports to assess how well they are continuing to reduce risk and identify breaches going forward.
The client lacked a process of regular assessments that would deliver an overall rating of the risk posed to the business by documents that don’t comply with the GDPR.
The client operated in multiple languages, so the tool needed to recognise any data threats in a variety of languages and formats. It needed to be easy to implement so as not to add a large project to the IT workload. Meanwhile, there were substantial amounts of data to look at, particularly scanned documents within emails.
In order to meet the challenges, a solution was implemented and began work on 68 devices within the customer services department, scanning for potential risks.
DDCAS successfully scanned 995,487 documents, out of which 13,629 were flagged as possible GDPR risks.
Once the scans had completed, the information was presented within the intuitive dashboard, allowing the team to analyse the data, and more importantly act, in priority order.
DDCAS was able to offer the following conclusions:
- Some of the information flagged as a threat was example personal identifiable data, such as IBAN numbers, account numbers etc., used within template documents. We noted them as actual threats because technically they are legitimate personal identifiable data.
- Many of the threats were in a few specific locations on the computers’ hard drives: App Data, Chrome Cache, Recycle Bin and Downloads. This makes taking action much easier, and it also allows specific action plans, i.e. either store them securely or delete them from the drive.
- There were no actual breaches, only risk.
- Finally, and importantly for the client, only 14 of the files were actual risks, scoring Level 8 & 9 on the GDPR risk score, 9 being the highest. So despite handling a huge data estate, the client can be assured that they are adequately managing the associated threats.
With conclusions come recommendations. The dashboard offers a clear view of the relevant areas, and therefore, the relevant members of staff can be directed to implement new ways in which to work or handle sensitive data.
Amongst the 5 key points raised, the main one was for a specific project team to use a secure shared folder for all files that include potential GDPR threats.
Fortunately, in this case, the client was already well prepared to handle the data passing through the business. Now, with the added layer of protection from DDCAS, the company can continue to grow, safe in the knowledge that any risks will be identified and easily actioned.
We were able to quickly identify personal identifiable data that we didn’t know existed; this transparency gave us the intelligence we needed to prevent data leakages and data breaches. Without DDCAS we wouldn’t have any way of regularly measuring our risk levels and purging data that doesn’t comply, which gives our clients and employees the confidence that our operations are compliant with the GDPR and that their data is protected.
Business Risk Management
Automate security and compliance across the whole enterprise
- Mitigate risk and prevent data leakage
- Comply with the GDPR with our automated scans
- Satisfy Subject Access Requests and perform redaction with ease