Pontus Vision

Platform for data mapping and
management of personal data.

Only Open Source solution on the market.

Pontus Vision solves  GDPR and LGPD challenges in 3 modules:

Specialists in data management and data

  • GDPR compliance
  • Brazil’s LGPD compliance


  • Unstructured and Structured data extraction
  • Custom dashboards and reports
  • Cloud native and/or on-prem


Pontus Vision’s Key Features:

  • Unstructured and Structured data extraction
  • Compliance Dashboard with the ICO’s 12 Steps
  • Consent Management, including APIs to ensure compliance
  • Graphical or textual reports of all natural persons’ data
  • Real-time reports of all areas with natural person records
  • Data Privacy Impact Accessment (DPIA Management)
  • Data breach Analysis and Reports
  • Custom Forms and Dashboards

Unique Selling Points

Pontus Vision is the only solution that is:

Open Source

Architected for GDPR

Customised for LGPD

Processes Trillions of Records

Cloud Native and / or On-prem

Pontus Vision is the only Open Source data protection management solution in the market

The risks of the whole organization’s data protection are visualised using a score based on the ICO’s 12 steps, following the main points of the law.


We help organizations comply with data protection regulations

We solve data protection challenges in 3 modules:


Extract Structured Personal Data in Databases, CRM, ERP, and proprietary systems. Also works with unstructured data, such as, emails, PDFs, Word, and Excel.


Maps all the data from the Extract module, identifying natural persons with as little data as possible, scalable to trillions of records.


Gathers links to all personal data within an organization, with graphical or textual reports, using a scoring system based on the ICO’s 12 steps to GDPR compliance.

Key Features:

The Pontus Vision platform combines the following resources in a single, but modular product:


Our solution can be easily deployed on prem, or on any cloud platform.


Our architecture and design uses NCSC’s 14 principles of cloud security.


The whole Pontus Vision GDPR / LGPD platform is open sourced. This gives customers a clear vision of the code, without vendor locking.


The Pontus Vision GDPR / LGPD platform reduces the number of manual steps to ingest vast quantities of data. Our solution is scalable to trillions of records.


Pontus Vision was designed and built as a modular solution capable of taking data from hundreds of different formats with reusable components.


Platform for data mapping and
management of personal data.

Our platform works in 3 modules:

    • Extract
    • Track
    • Comply


The Pontus Vision LGPD platform extracts structured and unstructured data in an automated manner and without interference on daily operations. The solution does not require changes to the customers’ systems, being able to receive large volumes of data from several corporate systems. Connectors for systems not yet supported are easily implemented.

Structured Data: Databases, CRM, ERP and proprietary systems.

Unstructured Data: emails, Microsoft Office documents, PDF files, and others.


Our solution maps data by tracking all data sources from the Extract stage, identifying customer data with as little information as possible, using graph databases and natural language processing technologies, supporting trillions of records.

Scalability is extremely important as the number of data on natural persons grows daily, with each customer or staff interaction generating new data.

The Pontus Vision Platform is based on the POLE model to Track data. This is a model used by the UK Government to associate data with individuals. The POLE model creates relationships between People, Objects, Locations and Events, forming the basis of a robust intelligence structure.


All data is consolidated in a dashboard, for graphical or textual visualization.

The solution gathers links to all personal data within an organization, with graphical or textual reports, using a scoring system based on the ICO’s 12 steps to GDPR compliance.

All forms and reports are managed in real time, showing the areas of the organization that have personal data.


UK Government

We helped the UK Government identify and consolidate personal data, and store it safely in cloud environments, enabling data sharing between government departments.

To achieve this, we had to fulfill several requirements:

  • Highly Scalable (capable of storing trillions of records) and fully automated platform
  • Multiple Data Formats
  • Open Source
  • Real time data analysis and reporting

Data Leak

We help large companies quickly generate data leakage reports, including the number of natural persons impacted by the data breach, as well as data sources. Given the short period of 72 hours to report a data leak, having automated report generation is crucial to comply with GDPR, and reduce reputational damage.

In one case, the source of the data leak was a phishing attack of a corporate email’s shared inbox used by the marketing department. Pontus Vision was able to quickly produce a report with the total number and names of all the natural persons’ personal data leaked. Without Pontus Vision, it would be complex and time-consuming to identify which records were impacted, as many were stored in e-mail attachments, and required more time to read than the 72 hours allowed. Pontus Vision automatically maps all the personal data as it arrives, making automatic reporting a trivial task.

DSARs and Consent Management

Under GDPR and LGPD, natural persons can make DSAR (data subject access requests) at any time. DSARs can request all the personal data to be released, updated, or deleted. The deadline to complete a request is 30 days for GDPR and 15 days for LGPD.

In this case, a major publisher was struggling to manage the high volumes of DSARs, as each request was fulfilled manually. After the introduction of Pontus Vision, the client was able to fulfil 100% of the requests within the law’s deadlines, and reduced the mean time to produce a report from days to seconds.

GDPR Group Compliance

Private Equity company with a portfolio of several medium-sized companies, ranging from supermarkets to clothing stores. The main challenge was to ensure that, as the controller of multiple ventures, there was a single view of compliance risk reporting across the portfolio.

The solution included extracts of structured and unstructured data from all organizations in near real time. The data was mapped using the POLE model, enabling the tracking of customer data and DSAR requests processed in seconds. DSAR requests were handled both on a venture-by-venture basis, and for the entire portfolio in the same way, without incurring extra expenses. Portfolio managers were able to quickly discover discrepancies in the CRM systems, as well as many records of buyer customers, from outside marketing companies, who had not given any consent.

CRM Consolidation

Large financial organization that had multiple copies of the cloud-based CRM that needed to be consolidated. The main challenge was to ensure that day-to-day operations were not interrupted, as all copies were used in production environments.

The solution was to create a new consolidated CRM that would receive real-time data from other systems. Although the data was extracted from the active systems, the data was tracked, identified and cataloged in an easy-to-match model developed for the English Government, to track and share personal data between departments. The solution was able to quickly consolidate data from the various CRM systems and disable legacy sources one at a time, in a non-risky way. The company was able to reduce expenses with the CRM provider and was able to quickly comply with GDPR for this small data set.

Tracking Personal Data

Large foreign exchange retailer, with decentralized customer management systems, operating in more than 30 countries. The main challenge was to extract and track data from European citizens living in foreign countries. The company had several fragmented CRM systems and often used unions to physically handle transactions with customers, using shared file systems. The unions stored personal data in spreadsheets and emails.

The solution included extracts of emails and files located in Office 365, DropBox and Google Drive almost in real time. The data was compared with 3 different CRM systems and incompatible records were flagged for manual intervention. The company found it especially useful to get rid of obsolete records that had incorrect or incompatible details.