Changing the eDiscovery Mindset

Reactive Mindset

At present, eDiscovery is centred around production of vast quantities of emails and file records as quickly as possible for a legal engagement. The entire mindset is purely reactive and organisations are trying to perform searches of their Data without existing adequate management – in some cases none at all – and delaying the outputs or including results that should have long been deleted or properly archived. This is costly, both in terms of time and bottom line and may have negative impacts in how quickly they can respond to cases.

eDiscovery Mindset
Continue reading “Changing the eDiscovery Mindset”

Could You Handle a DSAR Right Now?

DSAR – What is it?

At present, a Data Subject Access Request (DSAR) is a demand from an individual to an organisation to produce a copy of all the Data that the organisation holds on them. The individual must make a written request and pay a fee.  The individual must then be informed about any personal data being processed, a description of the personal data and the reasons it is being processed, whether it will be given to any other party, and given a copy of the Data.

In most cases you must respond to a subject access request promptly and in any event within 40 calendar days of receiving it.
Continue reading “Could You Handle a DSAR Right Now?”

Culture, Process and Technology for GDPR

More Than Just Technology

We have been talking about the GDPR for quite some time now –  since the enforcement deadline of May 25th came into the distant horizon and we have been helping people prepare for the Unstructured Data (email and file) element of the regulation. One common misperception we have encountered, time and again, is the notion that getting one  vendor’s software will tick the entire GDPR box and you can then relax until audit day.

Culture, Process, Technology

Culture, Process and Technology

Continue reading “Culture, Process and Technology for GDPR”

Waterford Technologies GDPR Survey

GDPR Survey 

GDPR legislation will come into full effect on May 25th 2018, enshrining full accountability for personal Data Protection. Processing, retaining and sharing Data which contains personal or personal sensitive information will be subject to stringent new rules and all organisations handling Data will need to be prepared for this. Waterford Technologies conducted a survey on our client base and the wider marketplace during October and November 2017 and some of the findings were surprising, even for our experts who deal with Data Management issues every day. 

Survey Delivery

In October and November 2017, we carried out a survey with a focus on Data Management, Compliance and GDPR.

We polled 2,050 decision makers from our client database and across many industries in Ireland, Europe and the UK in the following roles:

  • IT Directors and Managers
  • Data Protection Officers
  • CIOs
  • Compliance Managers
  • Legal representatives

From the 1,500 responses, we summarised the findings of this survey to spotlight the challenges that organisations experience at the moment in terms of Data Protection and especially GDPR readiness and preparation.

GDPR Compliance

Massive Email “Fail”

Although organisations still conduct the vast majority of business communications through email, a staggering 87% of survey respondents had not made any proper planning provision for dealing with email for GDPR. Either completely overlooking email or wrongly considering it to be within the Structured Data category as opposed to Unstructured Data (which it is), was the biggest single surprise.

50-50

Just around half (51%) of our respondents already have a properly developed Data Management plan in motion for GDPR, leaving a very tight timeline for the remainder to get a strategy and begin work on a project to align to the new legislation coming out in May. Responsible people will need to act early and fast in 2018 to get off the blocks.

Personal Data

82% of emails can be classified as containing Personal Data which is subject to GDPR audit and compliance. Worryingly, 52% of survey respondents revealed that there was not a complete awareness of the potential results of non-compliance with GDPR regulations on Personal Data.

Data Management Challenges

Selected Data Management responses from our GDPR Survey

  1. Momentum – Does an Active GDPR Project exist?

  2. Ownership – The GDPR Data Management project will not belong solely to IT decision makers.
    Ownership of GDPR Data Project
  3. Focus – What Data is in your scope for the GDPR project?Data Under Scope
  4. Internal awareness of GDPRInternal GDPR Awareness
  5. The consequences of not complying with GDPRAwareness of Consequences of Non-Compliance

Key Survey Takeaways

  • Overall, there is a large proportion of unreadiness for GDPR across all sizes of organisation with almost half of respondents indicating that a project had not started at the time of the survey. We expect this to change rapidly in the first weeks and months of 2018 as the May deadline approaches.
  • Forgetting that email, the lifeblood of business, is under scope for GDPR will be no excuse if a DSAR (Data Subject Access Request) is received or when a Data breach or compliance audit happens. Make a plan for email now!
  • Ownership of the project to ensure GDPR compliance will involve different functions from across the organisation.
  • Taking accurate “stock” of which Data is in focus for projects and GDPR audits has clearly not been enough of a priority for most survey respondents yet.
  • Understanding what Unstructured Data is and how much of it exists on Email and File servers is critical to making plans to deal with it and achieve compliance.
  • Limiting the amount of Personal Data sitting on the organisation’s servers will greatly decrease the possibility of non-compliance.

Data Project for GDPR Readiness

As we have discussed recently in our blog, the GDPR data project need not be a massive undertaking and our team of Data Management experts stand ready to assist you in your journey to compliance.

Scheduled audits, surprise inspections and post-breach investigations are all on the table and with the sheer level of “noise” around the whole GDPR introduction, it is easy for procrastinators to be confused by the number of options out in the market offering “silver bullets” to deal with it.

Finding where Personal Data is located on servers is a challenge that needs to be addressed immediately before GDPR comes into play and also on an ongoing basis to ensure that Unstructured Data compliance is maintained.

Practical Focus for GDPR Projects 

“GDPR and its potential fines are or are about to be the hot topic of conversation for all EU organisations in the coming weeks and months, with lots of promises and scare mongering, but not much in the way of fact and reality.” says Gary White, CIPP/E, Data Management Consultant with Waterford Technologies.

“GDPR is in reality the enforcement of existing data protection and compliance rules that have been almost completely ignored by organisations for years and which have now been updated and enforced via fines. GDPR will require organisations to look at multiple vendors to provide and comprehensive solution, as the fact remains that no one company can solve all their needs and a lot of companies are spreading fear by focusing on the wrong areas.”

White prefers to look at a practical focus for meeting compliance needs “Waterford Technologies via ComplyKEY focus on one key area, Unstructured Data or the day to day data of all organisations – email and file – to you and me. Accounting for anywhere between 70 and 80% of all data held by organisations, this is simply too critical to ignore, but unfortunately that seems to be the case as more and more organisations look at the Headline items from GDPR such as breach notification or data transfers and not the true daily headaches such as DSAR, analysis, retention and discovery”

 

About Waterford Technologies 

Waterford Technologies assists thousands of client organisations globally to proactively manage Unstructured Data (email and file) to best practice compliance standards. We enable organisations to make Data decisions based on their facts – bringing Unstructured Data to light and enabling analysis, plans and immediate action on the findings. 

We do not claim to solve all your GDPR headaches but will enable clients to meet requirements for Unstructured Data, which makes up roughly 80% of all business Data. That is a huge tick in the GDPR readiness journey!

We tailor a solution for your GDPR Unstructured Data requirement at a reasonable price point for your organisation, providing the expert advice and the toolset to allow you to achieve GDPR compliance for email and file.

Talk to our experts today

Waterford, Ireland  (January 8, 2018)

Take Our Unstructured Data Challenge

New Year, New You…

It is the first week of January and naturally we are being bombarded across all media with offers of health and fitness products and services to repair any festive damage. A huge amount of advertisements, peer pressure and reality TV shows will focus minds on meeting the challenge of getting fit for the year ahead.

Unstructured Data Challenge

Unstructured Data Challenge

Just like people, organisations can get bloated over time and a surplus of Data can clog the virtual arteries of business value. It is bad enough when the Data is Structured (in a database or CRM system) and therefore easily found but this can become a chronic problem when it involves the largely unseen Unstructured Data (email and file) that is generated on a constant basis in the normal course of doing daily business. Normally this is a challenge in itself but this year, we have the GDPR coming into force at the end of May.
Continue reading “Take Our Unstructured Data Challenge”

Dark Data Minus Analysis = Landfill

Unexplored Country

“Big Data” is a very popular phrase and staggering statistics have been appearing in the Tech media for years to try to get a handle on the concept of just how quickly and exponentially it is growing. Independent research analysis firms such as Gartner, IDC and Forrester are constantly bringing out new and impressive comparative statistics on the topic. A lot of the fast growing Data volume on your servers is valuable, or may be valuable, or it may be so much trash…one thing for certain is that without proper analysis it is Dark Data.

How can you possibly determine value without the proper insight?
Continue reading “Dark Data Minus Analysis = Landfill”

Email Continues to Grow Exponentially

Messaging Options Grow

It is 2018 and we are spoiled for choice in terms of business communication. Whether it is internal work group collaboration or external correspondence with customers and prospects, the options for interaction continue to grow. In such a landscape, with chatbots, IM, video calls, social media messaging all freely available, it would be forgivable to mentally write off the “old school” email as a thing of the past. However, recent research has shown that not only has email not declined in popularity but contrarily has continued to grow exponentially.

Why is this happening and how is it being managed by organisations already deluged by Data?
Continue reading “Email Continues to Grow Exponentially”

Project Planning for GDPR

New Year, New Data Management Project

On January 2nd, most people will be returning back to work after a Christmas project of greatly reducing their food and drink reserves.

But January will also mark the beginning for a lot of organisations of finally tackling the impending GDPR regulation, coming into effect on 25th of May 2018, which will change how companies can process and control the personal data of EU citizens.

According to our recent survey results, just under 50% of companies have an active project to address GDPR concerns, this leaves approximately half of companies to get the ball rolling.
Continue reading “Project Planning for GDPR”

Unstructured Data – A Growing Problem

What is Unstructured Data?

Data Management is appearing very regularly in the mainstream media at the moment – for good reasons (GDPR and legislation to properly safeguard personal Data) and bad reasons (front page headline Data breaches and fines), the term “unstructured Data” is now used a lot outside of its traditional IT/Compliance setting. It can sometimes lead to some confusion over what exactly the term means, what is counted as Unstructured Data, how much of it typically exists  in an organisation, how to find where it is and, naturally, how to deal with it.
Continue reading “Unstructured Data – A Growing Problem”