The missing piece

Today there are a multitude of issues encountered when responding to a Data Subject/Subject Access Request under GDPR. Time constraints, human resources, access to data, search planning and many other issues come to mind. However, one of the biggest challenges facing companies today is the inability to provide a “complete subject access request” across all of their data and not just structured or cloud-based information. This problem stems mainly from the fact that there has been a void in tools focused solely on unstructured data. Heureka solves this issue by being designed to handle unstructured data created and stored in a combination of sources, systems and file types regardless of where they are operating.

Unstructured data solution

Unstructured data is essentially made up of the files created and stored daily on laptops, desktops and file shares throughout a company. All of the unstructured data is what Heureka refers to as the “digital blind spot”. Without visibility or search capability on unstructured data, a DSR/SAR report should be considered incomplete as a large portion of the data goes unreported. For example, what if PII data is stored locally on two HR computers or perhaps on a departmental file share? When a search is limited by using only the Security & Compliance portion of O365, locally stored information is completely missed when executing a subject access request or “right to be forgotten” request. A partial understanding of your data leaves a company vulnerable to future investigations, litigation and perhaps a full data breach.

Cloud + Heureka

For this post we focus on enhancing the DSR report capability built into Microsoft Office 365 – E3 since search and reporting tools are present and widely used. O365’s Security and Compliance component allows you to create a DSR which searches across Exchange Email, Group mail, Skype for Business, Team messages, To-Do, MyAnalytics, SharePoint, OneDrive, group sites, team sites and Exchange public folders. In other words, a fairly comprehensive tool for O365 products. However, as mentioned above, the huge missing component of the O365-only DSR is the inability to rapidly search and understand the content of your organization’s unstructured data and blend that knowledge with what was discovered using Microsoft’s tools.

Complete the puzzle

Heureka provides enhanced visibility by extending a subject access search across all corporate endpoints, regardless of where they are located. A Heureka search is executed on your endpoints with results streaming back in one minute or less. Much like O365, Heureka users can target specific endpoints, file types, departments or share locations to focus their search on the most important locations or information. Best of all, Heureka’s architecture follows a GDPR best practice by leaving all user data in place. This method assures companies that data is not being replicated to simply perform a search or analyze the data.

Once a DSR search has been executed, Heureka helps users visualize and report on combined O365 and unstructured data with a complete system data overview. One such visualization method utilizes Heureka’s Tableau DSAR dashboard seen above. Other users may combine reports or use other analytics tools at their disposal like Microsoft Power BI. Visualization tools provide you with vital, combined information on your subject access request including number of endpoints or mailboxes searched, dates for files or email, type of files by extension and total number of hits per endpoint/mailbox. Visualizing the entire scope of your DSR/SAR results (and not just the cloud information) helps you make decisions on the scope of your search and potential next steps in terms of exporting data for an Article 20 “Right to data portability” request, or deleting data where an Article 17 “Right to be Forgotten” request has been made.

Intelligence gained, intelligence shared

Heureka continues to be a conduit for unstructured data intelligence with automated, daily risk updates and scheduled searches for critical information. Shared data intelligence enhances a DSR/SAR workflow and becomes the necessary bridge when attempting to comply with GDPR regulations. A DSR/SAR does not have to be a stressful event if you have quick and complete access to all of your data to help complete the puzzle.