Data Discovery and Anonymisation
The EU GDPR requires you to be able to identify and protect data wherever you own it. This means that you must have a process in place to find and anonymise your sensitive data.
Personal and sensitive data discovery
The first step for analysing your risk in GDPR is to determine what personal and sensitive data you hold, where is the data located and how does it proliferate.
This assessment will not be a one off process for the GDPR deadline in 2018 but needs to be an ongoing assessment to take account of change in business processes and supporting applications and the data held for them.
Clearly there are also implications around consent for data being obtained. This Data Discovery process can be performed manually and will be very time consuming.
Alternatively Sogeti can take away the pain, we can recommend and deliver options and solutions using market leading tools to discover your personal and sensitive data (e.g. PII, PCI, PHI) and identifying your risk for GDPR.
Data Discovery scans can be run against metadata, data or both metadata and data.
You may think you know where your personal and sensitive data resides but experience tells us that very often personal data is hidden away in free text data where it can be difficult to spot.
Unstructured data is also complex.The data discovery scans can be automated to support your ongoing GDPR governance and compliance.
Personal and sensitive data anonymisation
Having identified your risk areas through discovery what next?
This is where data anonymisation comes in. Experience shows that the greater risk area lies in development and test environments where the security applied is only a fraction of that found in production systems.
In addition it is too easy and convenient to provision test data for these environments which is copied directly from production.
Recent fines issued from the Information Commissioners office demonstrate situations where unscrupulous employees had access to data they were not entitled to see and subsequently copied and sold that data to criminal gangs.
Sogeti can recommend and deliver options and solutions using market leading tools:
- Dynamic data masking solutions to protect data on the fly in production and test environments
- Persistent data masking and subsetting solutions for creating targeted and anonymised test data
- Synthetic data generation to create production like data for your testing
These solutions can be automated to deliver an on demand or self service test data facility for your development and testing projects.
In addition to reducing your risk in the event of a breach this also considerably speeds up delivery of quality and targeted data for your testing and increase coverage.