Data Discovery, Mapping and Data Life Cycle Management

Privacy Hub Discovery powered by INDICA enables the discovery of personal data across your organisation, whether structured or unstructured.

Privacy Hub by Wrangu
Indica
Real time Wrangu

Data Discovery & Data Subject Access Requests

Always up-to-date ROPA

DATA DELETION REQUESTS AND RETENTION LIMITATIONS

GDPR Accelerator

Data Mapping Deviations

The Power of Data

Over the last two years humans have generated more than 90% of the data in existence. This process of digitisation has accelerated as organisations moved to working from home in the wake of the COVID pandemic. The pace will only accelerate as the Internet of Things (IoT) expands. For businesses, this is a double-edged sword. The data they generate and collect has the power to improve customer experiences, fuel innovation, and drive prediction analytics. This same data presents a risk to privacy and security as companies deal with the complexity of having data across legacy systems integrated into modern SaaS tools in both structured and unstructured forms. Combine this with constantly evolving privacy legislation like the GDPR, CCPA, LGPD, and LPPD. Data mapping and data discovery tools can provide a solution to many of the complex challenges that organizations face and can be used for everything from creating Records of Processing Activities (ROPAs), handling to Data Subject Access Requests (DSARs), and responding in the incident of a data breach.

What is Data Mapping?

Data mapping at its most basic level helps a company’s internal databases communicate with each other. Take the simple example, you collect a customer’s information at different times into two separate databases. Data mapping links a user’s information from one database to another avoiding duplication and insuring data hygiene across business operations.

Data mapping also facilitates compliance with the EU General Data Protection Regulation (GDPR) tracking where data is stored, how it is processed, and by who. This insures that use of data is necessary and proportionate creating a record of processing activities for supervisory authorities while enabling understanding, risk management, and documentation of cross-border data transfers. After all, in order to comply with legislation like the GDPR or CCPA, you need to know where your data subjects are from!

What is Data Discovery?

Data Discovery scans information systems and the data within to classify personal data creating a data road map showing where and from who data was collected, who has access to the data, when the data was accessed, and ultimately, what is done with that data. Data Discovery enables organizations to refine their analyses on both structured and unstructured data using search terms. This helps your business discover and classify personal data automating privacy rights fulfilment and complying with data subject rights under GDPR and other global privacy regulations.

Structured Data is data that is highly organised in fields and tables often in CMDB databases.

Unstructured Data is data that is not structured into fields and tables.

Unstructured data in particular presents unique challenges to data extraction and classification of that data. If this is the case for your organization, you are not alone. In an IAPP-EY governance survey, more than half of respondents (56%) said “locating unstructured personal data” was the most difficult issue in responding to data subject access requests. For example, there might be a field labeled notes that data discovery tool will identify as harmless when in fact that field contains sensitive data like religion, race, or health information. It’s no surprise that unstructured data is challenging as it offers little consistency to guide the writing of code.

Know your Data with Privacy Hub Data Discovery Powered by INDICA

Many organizations have not adapted an automated approach to data mapping and data discovering relying on manual processes. This typically involves sending surveys to IT owners across the various sectors of a business that is time consuming and drains resources that can be more effectively deployed.

Privacy Hub Data Discovery powered by Indica solves these challenges by employing personal data discovery tools to pinpoint where you store personal information like a phone number or an email address based on correlations associated with personal data. INDICA’s smart platform indexes and highlights personal data which is evaluated against the Privacy Hub’s extensive knowledge of your clients’ processes. This is done by scanning IT systems to classify, tag, and inventory data. The data discovery solution does this on your existing information sources like your CMDB or CASB discovering the data you know about and the data you don’t. Often this information can be used to solve other compliance challenges like the creation of Records of Processing Activities (Art. 30 GDPR), real time mapping, and identifying all individuals affected by a data breach.

Data Discovery Solutions For Data Subject Access Requests

Many organizations have not adapted an automated approach to data mapping and data discovering relying on manual processes. This typically involves sending surveys to IT owners across the various sectors of a business that is time consuming and drains resources that can be more effectively deployed.

Privacy Hub Data Discovery powered by Indica solves these challenges by employing personal data discovery tools to pinpoint where you store personal information like a phone number or an email address based on correlations associated with personal data. INDICA’s smart platform indexes and highlights personal data which is evaluated against the Privacy Hub’s extensive knowledge of your clients’ processes. This is done by scanning IT systems to classify, tag, and inventory data. The data discovery solution does this on your existing information sources like your CMDB or CASB discovering the data you know about and the data you don’t. Often this information can be used to solve other compliance challenges like the creation of Records of Processing Activities (Art. 30 GDPR), real time mapping, and identifying all individuals affected by a data breach.

How it Works

Use Case: GDPR Data Subject Rights, Deletion Requests, and Retention Limitations

First, a Data Subject Request is made. This can be done internally by someone within the organisation or, as is more common, externally.

Privacy Hub handles the initial Data Subject Rights Request, including identity validation. This kicks off a request life cycle that tracks and insures tasks are completed when they should be before moving along in the process.

Once identification is validated, the automated task to find the relevant data is initiated using INDICA Data Discovery. INDICA Data Discovery detects and reconciles different data structures to deliver an accurate view of the information you keep on a data subject.

After discovery, the Privacy Hub response stage kicks off, which includes manual review of the data subject’s information and what you will share or correct, pre-built templates, and automated response via a password protected secure link emailed directly (password sent separately from outside the system and not recorded or stored in Privacy Hub).

Use Case: Data Deletion Requests and Retention Limitations

Fulfilling data deletion requests and complying with retention limitations presents many of the same challenges as responding to other data subject rights. In particular, finding all the personal data related to an individual within an organization’s data supply chain. This is made more challenging depending on how data is structured and stored. Without a data subject identifier, engineers are going to struggle with data management. At the starting point, an engineer will need to find a way to erase at scale one person’s data from the collection of an organization’s data sources without deleting the wrong data. In unstructured data sets, an engineer cannot simply delete an individual user’s row or data fields within sources of data.

With Privacy Hub, an initial deletion request is received from the data subject. After identity validation, the automated task to find the relevant data is initiated using INDICA’s Data Discovery technology. The automated process examines correlations of information tied to personally identifiable information ensuring it works on both structured and unstructured data.

The results are presented to the relevant team member to assess whether the data may be deleted. If deletion is required, either full deletion or blacklining can be initiated by the Privacy Hub, which then kicks off the response to the data subject

Find out how it works

Download our brochure to find out:
• How Data Discovery Works
• How Data Mapping Works
• How To Manage Your Data Life Cycle

Use Case: Data Mapping Deviations

Privacy Hub Data Discovery powered by INDICA is run on a regular basis (normally nightly) to find any new personal data that has been recorded anywhere within your organisation. This is then mapped to filed ROPAs in Privacy Hub to determine any deviation. There are three different types of deviation that could be identified: system type (or CI) found is not found in the CMBD, ROPA defined data not found, and data processing not found (no ROPA for personal data found). These results are presented to the relevant team member to make decisions on how to action.

Why Privacy Hub Data Discovery & Data Mapping Automation?

Businesses and organizations are tasked with the mounting pressure of making their data useful. This challenge is coupled with the new wave of privacy and data protection regulations like the GDPR, CCPA, LGPD, LPPD, and others. A common thread to solving these compliance challenges is implementing data mapping and data discovery tools. At the very highest level these tools should tell an organization:

  1. What personally identifiable information they possess;
  2. Where it is stored;
  3. Why they possess it;
  4. Who has access to it; and
  5. How it is being used


Privacy Hub Data Discovery powered by Indica helps organizations solve these compliance challenges linking data mapping and data discovery to other key requirements of the GDPR like maintaining ROPAs, responding to DSRs, and conducting DPIAs.

The onboarding process is easy and seamless providing a clear picture of the information your organization collects and processes. What remains will be conducting ongoing maintenance ensuring that your data map stays up to date and your organization remains compliant with an evolving privacy and data protection regulatory environment.

Want to see it Live in action? Great! Schedule a software demo now.

Wrangu & INDICA Partnership

"I am delighted that the INDICA partnership will allow us to do something that our clients have been requesting - finding, mapping and managing their personal data - within the Privacy Hub”
Lee Grant
CEO, Wrangu
"The partnership between INDICA and Wrangu will provide an end-to-end solution, ensuring you can now truly have control of your personal data. Data mapping and identification of the personal data residing in your company is now a reality.”
Willem Tacken
CCO, INDICA

Our strategic partnership facilitates an end-to-end solution for efficient data discovery, mapping and [data] life cycle management creating true transparency across your organisation.

To find out more, read the full press release.