Why track your sensitive data
Are you collecting and storing sensitive information about your contacts, customers or employees? And are you having problems finding this personal data? A poor effort to protect your sensitive personal data can make a data audit or a data breach extra expensive. A fine from a data regulator can cost €20 million or 4% of a company’s worldwide annual turnover. According to IBM’s Cost of a Data Breach Report, the average cost of a data breach was $4.24 million in 2021. The amount is expected to increase in the future.
If you’re like most businesses, the personal and sensitive data you’ve collected about customers and others is spread across many systems and employees. You should get a handle on which of your data contains personal data as soon as possible.
How to find your sensitive personal data
When you need to find your files, emails and pictures with personal information, you should follow these 3 steps:
1. Know what to look for
The number of different types of personal information is huge. Therefore, it is a good idea to define exactly what information you are looking for before you start searching for personal data. Here is a list.
2. List your storage locations
Where do you and your team store all the data you collect? Here are a few types of locations that must be checked for sensitive data:
- Local drives
- Network drives
- Cloud storage
- Email folders
- Online services
Most companies do not just use one type of cloud storage, and most employees (unfortunately) do not always use their work computer or email. Therefore, the list of individual locations you will need to check for sensitive data will quickly become much longer.
3. Choose your method of finding data
Now you know what to search for, and where you might find it.
However, this only shows what a big job you have in front of you. How can you be sure you identify every ID number, credit card number, medical condition, political opinion, etc., that has made its way into your storage locations?
Here are three options for data discovery:
- DIY. Assign someone from your own team to sort through files. This option is expensive because it is so time-consuming. It is also prone to errors, and the process may expose you to a breach in and of itself if it is not handled properly.
- Hire a service. Hiring a data discovery service to find your sensitive high-risk files is another option, but it still does not eliminate the risk of human error, it exposes sensitive data to more eyes, and it is very expensive.
- Get smart software. Using smart data discovery software to automatically find sensitive data in your systems is an easy, cost-effective way to perform regular data inventories and evaluate your risk exposure.
What to do once you have found your sensitive data?
Some companies may hesitate to perform a data inventory because they are afraid of the issues they might find. But in fact, just having the data inventory done will give you a huge advantage if you are audited by the authorities, as visibility and documentation are an important part of compliance. And if you are exposed to a cyber attack, a data inventory will help you hide the values
Here are a few additional things you can do once you have your data inventory:
- Make sure you have consent or another lawful basis to keep data you store
- Delete sensitive data you no longer use or if you do not have a legal basis to store it
- Restrict access to certain files to only those who need it
- Protect sensitive data at rest and in transit
- Prepare an impact assessment (DPIA) for your data.
A smarter way to find your sensitive data
Instead of spending hours each month finding the data that contains personal data, you can complete the task much faster and more precisely with a digital tool. At Safe Online, we have developed DataMapper, a browser-based data discovery tool that uses artificial intelligence to find files, emails and images that contain personal data across the company’s data systems.
Sebastian Allerelli
Governance, Risk & Compliance Specialist