Find your sensitive data with AI

DataMapper is a file scanner that helps organisations identify, classify, and manage sensitive data across their internal systems. Technically, DataMapper is a Data Discovery tool.

Files containing sensitive information must be protected in accordance with international data regulations such as UK-GDPR, GDPR, CCPA and PIPL. If these data are not properly safeguarded, it can lead to GDPR fines, damage to the company’s credibility, and more.

DataMapper helps ensure UK-GDPR compliance by identifying sensitive information within your systems. You gain a precise overview of files containing sensitive content, enabling you to manage them with ease.

DataMapper is created for companies that want control over their sensitive data and how they manage compliance. It is particularly relevant for organisations that handle large volumes of sensitive information.

DataMapper is cloud-based.

DataMapper supports integrations with various systems, including cloud storage, ERP systems, CRM platforms, and file servers. DataMapper offers three types of connectors for automation:

• Native Connectors, which integrate with the platforms Microsoft OneDrive, Microsoft Outlook, Microsoft SharePoint, Google Drive, Google Mail, Azure Blob Storage, local drives, and network drives (Windows Fileshare).
• Logic Apps integration, providing access to over 1,000 apps via Logic Apps. See the full list here.
• Custom Connector, allowing integration with any RESTful API, offering flexibility for specific integration requirements.

DataMapper uses a combination of advanced AI and Machine Learning algorithms to detect terms classified as sensitive. Read more here.

DataMapper detects words and numbers classified as sensitive under privacy regulations like the GDPR.

• Personally identifiable data/PII (e.g. ID, driver's license or passport number)
• Sensitive personal data (e.g. trade union, health info or sexual orientation)
• Business-critical terms (e.g. contract, budget or IP document)

You can also customise your scans by adding or excluding specific words and numbers, ensuring that DataMapper identifies exactly what you consider sensitive.

DataMapper supports files smaller than 30MB and with following formats:

Documents:
txt, rtf, pdf, doc, docx, gdoc, odt

Email types:
msg, txt (email bodies)

Presentations:
pptx, ppt

Spreadsheets:
xls, xlsx, gsheet

Hypertext:
html, htm

Images:
jpg, jpeg, png, heic

In DataMapper, administrators and employees have different roles: administrators have full visibility of scans and risks across the organisation, but they do not have access to clean up individual employees’ files. The administrator invites employees into DataMapper to carry out the clean-up, while setting the framework, defining the clean-up method, initiating scans and monitoring progress. It is the individual employee who is responsible for reviewing their own files and deciding what to clean up.

This division of responsibilities has been chosen because it often requires the employee’s knowledge of the file’s content and context to make the right decision. At the same time, it is in line with GDPR principles and spares the administrator from an unmanageable clean-up task.

It only takes a few minutes to install DataMapper. The onboarding follows a clear plan, which you can read more about here. If you have any questions during or after implementation, our customer support team is ready to help.

It is difficult to predict exactly what DataMapper will detect in your data. However, our scans show that up to 7% of all documents, emails, and images contain sensitive information.

Files containing sensitive content do not necessarily need to be deleted – but they must be handled correctly.

GDPR makes you responsible for protecting the sensitive information you store. Your company will likely need to retain certain information about employees and customers in order to function normally.

However, it is also common for companies to hold on to sensitive data that they no longer need. How long you may store data depends on the regulations applying to your sector and organisation. If you keep sensitive information for too long – even if it is stored securely and not misused – you can still be in breach of GDPR requirements.

When DataMapper identifies files containing sensitive information, the file should therefore be reviewed and either:

• deleted

• redacted so the sensitive content is removed

• moved to a secure data location

By reducing the amount of sensitive data you collect and retain, you can also minimise the risk and potential damage in the event of a data breach.

Manual searching for sensitive files might initially seem like a good solution, but this method comes with significant limitations that make it time-consuming and inefficient:

1. The volume of data: It can be overwhelming to review all files manually.

2. Human factor: Employees can make mistakes and overlook important files.

3. Limited search knowledge: Employees often don’t know what to look for, as many sensitive terms are unfamiliar.

4. Evolving sensitive expressions: GDPR and other regulations change continuously—new risk terms emerge all the time.

5. Sensitivity hides in images: Data may be stored in scanned documents, images, or notes—difficult to review without automation.

6. Context is everything: Words like “COVID” are only considered sensitive when linked to a person.

7. Language and formats vary: Sensitive information appears differently depending on language and country.

Read more here.

While it may seem straightforward to delete everything older than five years, this is rarely a sustainable approach. Different types of data are subject to varying retention requirements depending on legal obligations and processing purposes. Some data must be kept for longer – for example, in connection with accounting, employment, or contractual obligations – while other data should not be retained that long at all. Many files also contain a mix of information, some of which must be deleted and some of which must be preserved, meaning careful assessment is required rather than automatic deletion. A blanket five-year rule can therefore lead to either unlawful retention or unintended data loss.

There are three reasons why DataMapper is more appropriate to use for cleaning up sensitive files than Microsoft Purview:

1. Difficult implementation and setup – Purview requires a complex setup with Azure integration, access rights and data classification policies, which can take weeks or months and often requires external consultants. DataMapper works out-of-the-box without extensive IT involvement.
2. Not suitable for users or to clean up – Purview identifies data, but does not give users a concrete overview or the opportunity to clean up themselves. Everything is handled centrally by IT and compliance, which makes cleanup difficult and inefficient. DataMapper shows exactly what needs to be removed and makes it easy for users to take action themselves.
3. No OCR scanning – Purview can only read text, while DataMapper also scans images, scanned documents and non-editable PDFs for sensitive information.

DataMapper processes all of personal information as confidential, including basic details such as names and email addresses. The system is crafted to adhere to the highest standards of data security. Read more about the security in DataMapper here.

The price of DataMapper is based on three factors:

1. Which integrations you require

2. How many employees will use DataMapper

3. The size of your data volume

To get started with DataMapper, you must contact us. You can also purchase DataMapper through your Microsoft subscription on the Azure Marketplace.