PDM: Personal Data Manager
wherever it exists
Folding Space Personal Data Manager (PDM) is the most automated, accurate, practical and secure solution for finding, viewing, monitoring, & reporting upon the existence, occurrence and processing of personal data anywhere across the organisation irrespective of network location, format or storage.
PDM finds all instances of personal data wherever hidden in source paperwork, digital documents & files, metadata & free text - departmental, multi-departmental or enterprise-wide. And you can easily scope, investigate, classify, monitor and view in situ automatically any source containing personal data without unnecessary copying or transferring of files, or having to build an electronic document/file warehouse or central repository.
- Discovery across servers, storage, drives, directories, file stores & similar
- Discovery within content of digitised paperwork of all kinds
- Discovery within content of digital documents, files and records
- Identification of all instances & occurrences of personal data
- Definition of who has access to every file containing personal data
- Continual monitoring & discovery of new/updated data and files
- Extensive analyses, reporting and results with full auditing
- Role-based security and user access management
- Powerful systems & security administration functionality
- Swift, easy installation with full support & systems integrity
- Unique, extensive personal data ontology and taxonomy
- Find, investigate, discover and monitor automatically all personal data
- Automatic personal data classification of all instances, types & occurrences
- Incorporates extensive & customisable dictionaries for personal data identification
- Provides powerful & sophisticated libraries of complex regular expressions
- Utilises detailed content pattern, context & proximity analytics extending into NLP and AI
- Web browser-based user experience is easy, helpful and responsive
- Powerful ‘google-like’ search & advanced find facilities
- Direct viewing of documents, files and records wherever located
- Significant cost savings for compliance with DSARs, GDPR, Data Privacy and similar regulations and regimes
Discovery + Content Analytics = PDM
Without the twin fundamentals of ‘discovery’ and ‘content analytics’, no organisation can achieve (let alone maintain) compliance with regulations like the Data Protection Act (GDPR), Freedom of Information Act and the various Data Privacy & Security regimes, guidelines and best practices. And this challenge is most commonly illustrated in the cost, resource and time consequences faced by most organisations in responding to Data Subject Access Requests (DSAR).
Discovery in harmony with Content Analytics is the fundamental first step towards regulatory compliance. It is the process of finding the ‘known unknowns’ – specifically, finding the existence, instances, occurrence and processing of personal data irrespective of its location, format or storage, wherever it exists across the organisation.
And we all ‘know’ there are many unknowns. Because personal data sits everywhere and anywhere within data, documents, files and records. Hoarding & hiding all this content is a widespread risk already but with all the regulatory requirements now in force, it is a ‘clear & present danger’ to the organisation:
- What personal data does the organisation actively use today and for what purpose?
- What personal data does the organisation have but doesn’t use which could/should be deleted?
- Who has access to what?
- Exactly where is the organisation at risk regarding Data Privacy compliance and governance?
Three fundamental first steps
- Accurately find any (and all) of the personal data within the content of the organisation’s data systems, documents, files & records. And in doing so, look to identify the likely data subjects.
- Classify and present the existence and occurrence of differing types of personal data (direct, sensitive, secondary, etc), all of which are at risk of being identifiable and identifying for a specific person (a ‘Data Subject’)
- Have the automated means to achieve the above and more; namely, the automated means by which instances and occurrences of personal data are identified and presented from within the organisation’s corpus of data, documents, files & records - which may be at department level, multi-department, site-wide or enterprise-wide (or any permutation)
PDM is a find & analyse technology. It provides the automated means to answer the What, Why, When, How, Where and Who of personal data discovery for all aspects of compliance, security and governance.
Because PDM fully meets the most fundamental data privacy & management challenge for an organisation - to identify and continually monitor the existence, occurrence and processing of personal data across their organisation – hidden in their paperwork, digital documents & files and databases, metadata & free text – all the unstructured and structured data that exists - irrespective of its location, format or storage across the organisation.
Data Subject Access Requests (DSAR)
Under the terms of the Data Protection Act 2018 (GDPR) every EU citizen has the right to demand disclosure of their personal data from an organisation and it is a legal requirement for the organisation to respond within 30 days. There are additional aspects specific to the UK covered under the Act (e.g. processing of child data) but personal data is the core challenge facing every organisation.
In addition to GDPR, there are similar UK and International strictures regarding disclosure under parallel regulations. For example:
- Freedom of Information Act 2000 (FOI/UK)
- California Consumer Privacy Act 2020 (CCPA/USA)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA/USA)
- NYDFS Cybersecurity Regulation (23 NYCRR 500/USA)
- Payment Card Industry Data Security Standard (PCI DSS /International)
And many other public & private sector specific guidelines regarding Data Protection and Data Privacy.
Essentially, a Data Subject Access Request (DSAR) can be made by any individual to any organisation demanding that they be informed as to whether or not the organisation is processing personal data that relates to them. And if the organisation is holding any of their personal data, the individual must be told exactly what that data comprises and be provided with a copy of that data.
The ICO (Information Commissioner’s Office) guidance states this most succinctly:
- Individuals have the right to access their personal data
- This is commonly referred to as ‘subject access’
- Individuals can make a subject access request verbally or in writing
- You have one month to respond to a request
- You cannot charge a fee to deal with a request in most circumstances
The GDPR ‘Right of Access’ - commonly referred to as ‘Subject Access’ - gives individuals the right to obtain a copy of their personal data as well as other supplementary information. Its purpose is to help individuals to understand how and why an organisation is using their data, and check that it is doing so lawfully.
But it is important to note that the above is not limited just to employees of an organisation – they could be past employees, past/current customers or similar (clients, patients, students, service recipients, etc), suppliers of goods or services (past & present), sales prospects, recipients of any marketing communications or, indeed, anyone who just wants to know if the organisation holds any of their personal data.
If the organisation is holding any of their personal data, the individual must be told:
- What personal data it is that is being processed
- The purposes for which the personal data is being processed
- Who, if anyone, the personal data is disclosed to
- The extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose
The organisation is legally required to respond to a DSAR by providing, in an intelligible form (e.g. PDF), copies of all the personal data and any information about the sources and uses of the data within 30 days.
Since May 2018 when the Data Protection Act became UK law, DSARs have been increasingly imposing significant pressures on every public and private sector organisation. The impact on internal resource and processes is now considerable and, certainly, not to be underestimated as non-compliance with GDPR carries very heavy penalties.
Personal Data Manager enables the organisation to efficiently and economically respond to any DSAR because any and all personal data relating to the DSAR requestor (the ‘Data Subject’) can be discovered, reported and presented back automatically to the Organisation who can then respond to the Requestor within the 30-day time limit.
The unique value proposition is that with PDM, you can scope, investigate, discover, classify, monitor and view in situ automatically and then report upon any source (documents, files & records, metadata/free text, databases) that contains personal data and so comes under all regulatory regimes like GDPR and FOI.
The What, Why, When, How, Where and Who
of personal data discovery & analytics