The data you have NO control over!

If you are currently reviewing your GDPR wheel and documentation, then the term “unstructured data” is a term you need to know as it hits wider than you can imagine.

It is the most common form of data found on your servers, the unstructured data. It is unsorted and without a visible structure. Individually, it may contain valuable data, but it is often redundant, outdated, duplicated data and trivial data.

How to get started

Before you start deleting data these 7 steps could inspirer you and give you have a good overview of your data processing, as well as what types of personal data you store and why.

The 7 steps are:

  1. Perform a mapping of your data. Remember to include Cloud services.
    1. In fact, mapping all potential personal data, including the unstructured data, should already have been part of your GDPR preparations. If that were not the case, it is time.
  2. Classify data. Data must be classified into different document types to determine the appropriate level and method of protection.
    1. Divide it into HR, Sales, Agreements and General Business Communication. The division must of course make sense of your processes.
  3. Create data and delete policies, rules, and processes that employees can easily understand.
  4. Create security ratings and an ownership policy.
    1. if you want to create a security rating it should be in groups as referred to in Article 1(1) of GDPR (use terms such as ‘Public’, ”Internal use only’, ‘Confidential’ and ‘Restricted’.
  5. Check the technical protection measures and where appropriate the necessary measures such as encryptions as well as IT contingency plans and Data Loss Prevention strategies.
  6. Then the identity and access management of documents must be checked.
    1. Can your employees’ access, correct and copy more than necessary?
  7. In conclusion, you need to complete training of end users.
    1. Create useful guides for rules and processes so that they can function and subsequently turn into good habits and routines.

Independent of size

Unfortunately, the amount of data usually grows proportionally to the size of the company. The more employees, the more data. And the more likely you are to need a dedicated tools focused on data cleanup. Otherwise it runs out of the way!!

So how do you move forward?

With the 7 steps in mind, you are now ready to process the documents stored in email and file systems.

Once the initial steps are done, cleaning up and minimizing the unstructured data can begin. This can be done manually, which is hard to see through, or automatically. Which I would clearly recommend and will now outline for you next.

Toolbox analysis and cleanup

By using an automatic tool, you can get over the 7 steps in a hurry. Expect for creating data policies and rules for deletion.

It is a difficult task manually identifying which emails and files that needs to follow which rules and policy.

When we perform a data content analysis during a data minimizing project. It is based on algorithms and knowledge of what defines GDPR data such a social security number, a bank account, or address. Passport etc.

We analyze on approximately 70.000 different document parameters fx. CVs, job applications, medical history, medical reports, credit applications and contracts and we add a mix of company specific sentences and glossaries that specific expressions in your document.

Toolbox’s sum organizer

After the analysis is completed you will get a graphic over overview, as well as reports on the general GDPR compliance.

  • Data that represents business value can be archived or marked with each user.
  • Sensitive data can be quarantined or moved for an extra and more rigorous control.
  • Finally, personal data may be deleted if there is no legitimate legal basis for the processing or/and can also be quarantined or moved to a secure area if it is to be stored.

Join our webinar on data minimization, on the 19th May at 15:00 CET: Link to registration

Many have tried lots have failed in giving employees the responsibility for GDPR cleanup in mail and file drives. In practice, however, it is an impossible task to undertake, and the responsibility remains with the management.

Cleaning up unstructured data in email, file drives, SharePoint, and Onedrive is causing problems.

The D&M Compliance Toolbox has analyzed over 1 billion datasets across different sectors and developed an easy and efficient way to automate GDPR cleanup.