An important step on the road towards GDPR compliance is getting a holistic overview of the data an organization collects and stores. To do this, a data map should be created and kept up to date.
“To create an adequate data map, data have to be scanned,” Artur Assor, Head of Data Protection at Nortal, told the crowd at the Analysts’ Morning this week. He explained that if a data map is created based on interviews and workshops, it is probably not accurate. “This way, you will most likely map people’s assumptions on what kinds of data you have instead of what you actually have. And as experience shows, there’s a big gap between assumptions about the data and the actual data.”
Even if you think you’re on top of your data game, Assor is confident a full scan of all the data would produce surprising results that help companies build better data maps. “I’m saying this based on experience we’ve had with our clients, and also experimenting with our new DeepScan tool inside Nortal,” Assor added.
To facilitate creating a fact-based data map, Nortal has built a new tool for data governance – DeepScan. DeepScan can automatically scan data from variety of sources of structured and unstructured data, such as databases, system logs, file systems, emails, scanned and PDF documents.
After scanning the data, DeepScan automatically analyzes, identifies and classifies existing data, such as personal or specific business-related information. As a result, organization’s data map is created.
“It is extremely important to have detailed understanding what kind of data an organization has and where,” Assor said. “This helps to assure sensitive information will not end up somewhere it shouldn’t be and that that unauthorized access to the data won’t happen.”
DeepScan automatically analyzes, identifies and classifies existing data.
Assor shared how Nortal’s team discovered different type of sensitive information while scanning several Estonian public document registries this spring.
During the scans, content from various formats of documents, including scanned paper documents was made readable so that users could create certain queries and search for data with specific parameters. The team was able to identify both ordinary personal data and sensitive personal data from different sources.
Nortal alerted the Estonian Data Protection Inspectorate and gave them an opportunity to test the tool for additional scans. During those additional scans, more sensitive personal data was found from registries that are publicly accessible online.
“Although this example comes from the public sector, it illustrates well the challenges that businesses also have — knowing what kind of data you have and where they are stored,” Assor said. “Having help from technology considerably diminishes the manual labor that has so far gone into creating data maps. It also considerably shortens the time you have to spend on mapping. As a result you get a map that better suits your needs.”
Assor was speaking at an Analysts’ Morning event, organized by Nortal. Analysts’ Mornings were born after people at Nortal were consistently coming back empty handed when researching networking and community events aimed at analysts. As they believed analysts deserved an event like Nordic Testing Days for software testers, or Geek Out for the Java community, the time seemed right to take matters into their own hands. Ever since the first event in October 2014, Analysts’ Mornings have become widely popular and the community has grown to more than 1,000 members.
|Artur Assor, Nortal’s Head of Data Protection, has been praised for his ability for seeing the bigger picture and communicating a vision, while at the same time having the capacity to take big projects through change. With more than ten years of experience in the tech industry, he is passionate about finding new ways to take full advantage of the data organizations collect and store. To go into more detail about data protection and data governance, get in touch with him via email.|