Pontus Vision solves GDPR and LGPD challenges in 3 modules:
WHY PONTUS VISION?
- Unstructured and Structured data extraction
- Custom dashboards and reports
- Cloud native and/or on-prem
GDPR and LGPD
Pontus Vision’s Key Features:
- Unstructured and Structured data extraction
- Compliance Dashboard with the ICO’s 12 Steps
- Consent Management, including APIs to ensure compliance
- Graphical or textual reports of all natural persons’ data
- Real-time reports of all areas with natural person records
- Data Privacy Impact Accessment (DPIA Management)
- Data breach Analysis and Reports
- Custom Forms and Dashboards
Unique Selling Points
Pontus Vision is the only solution that is:
Architected for GDPR
Customised for LGPD
Processes Trillions of Records
Cloud Native and / or On-prem
Pontus Vision is the only Open Source data protection management solution in the market
The risks of the whole organization’s data protection are visualised using a score based on the ICO’s 12 steps, following the main points of the law.
We help organizations comply with data protection regulations
Our solution can be easily deployed on prem, or on any cloud platform.
Our architecture and design uses NCSC’s 14 principles of cloud security.
The whole Pontus Vision GDPR / LGPD platform is open sourced. This gives customers a clear vision of the code, without vendor locking.
The Pontus Vision GDPR / LGPD platform reduces the number of manual steps to ingest vast quantities of data. Our solution is scalable to trillions of records.
MULTIPLE DATA FORMATS
Pontus Vision was designed and built as a modular solution capable of taking data from hundreds of different formats with reusable components.
Platform for data mapping and
management of personal data.
Our platform works in 3 modules:
The Pontus Vision LGPD platform extracts structured and unstructured data in an automated manner and without interference on daily operations. The solution does not require changes to the customers’ systems, being able to receive large volumes of data from several corporate systems. Connectors for systems not yet supported are easily implemented.
Structured Data: Databases, CRM, ERP and proprietary systems.
Unstructured Data: emails, Microsoft Office documents, PDF files, and others.
Our solution maps data by tracking all data sources from the Extract stage, identifying customer data with as little information as possible, using graph databases and natural language processing technologies, supporting trillions of records.
Scalability is extremely important as the number of data on natural persons grows daily, with each customer or staff interaction generating new data.
The Pontus Vision Platform is based on the POLE model to Track data. This is a model used by the UK Government to associate data with individuals. The POLE model creates relationships between People, Objects, Locations and Events, forming the basis of a robust intelligence structure.
All data is consolidated in a dashboard, for graphical or textual visualization.
The solution gathers links to all personal data within an organization, with graphical or textual reports, using a scoring system based on the ICO’s 12 steps to GDPR compliance.
All forms and reports are managed in real time, showing the areas of the organization that have personal data.
We helped the UK Government identify and consolidate personal data, and store it safely in cloud environments, enabling data sharing between government departments.
To achieve this, we had to fulfill several requirements:
- Highly Scalable (capable of storing trillions of records) and fully automated platform
- Multiple Data Formats
- Open Source
- Real time data analysis and reporting
We help large companies quickly generate data leakage reports, including the number of natural persons impacted by the data breach, as well as data sources. Given the short period of 72 hours to report a data leak, having automated report generation is crucial to comply with GDPR, and reduce reputational damage.
In one case, the source of the data leak was a phishing attack of a corporate email’s shared inbox used by the marketing department. Pontus Vision was able to quickly produce a report with the total number and names of all the natural persons’ personal data leaked. Without Pontus Vision, it would be complex and time-consuming to identify which records were impacted, as many were stored in e-mail attachments, and required more time to read than the 72 hours allowed. Pontus Vision automatically maps all the personal data as it arrives, making automatic reporting a trivial task.
DSARs and Consent Management
Under GDPR and LGPD, natural persons can make DSAR (data subject access requests) at any time. DSARs can request all the personal data to be released, updated, or deleted. The deadline to complete a request is 30 days for GDPR and 15 days for LGPD.
In this case, a major publisher was struggling to manage the high volumes of DSARs, as each request was fulfilled manually. After the introduction of Pontus Vision, the client was able to fulfil 100% of the requests within the law’s deadlines, and reduced the mean time to produce a report from days to seconds.
GDPR Group Compliance
Private Equity company with a portfolio of several medium-sized companies, ranging from supermarkets to clothing stores. The main challenge was to ensure that, as the controller of multiple ventures, there was a single view of compliance risk reporting across the portfolio.
The solution included extracts of structured and unstructured data from all organizations in near real time. The data was mapped using the POLE model, enabling the tracking of customer data and DSAR requests processed in seconds. DSAR requests were handled both on a venture-by-venture basis, and for the entire portfolio in the same way, without incurring extra expenses. Portfolio managers were able to quickly discover discrepancies in the CRM systems, as well as many records of buyer customers, from outside marketing companies, who had not given any consent.
Large financial organization that had multiple copies of the cloud-based CRM that needed to be consolidated. The main challenge was to ensure that day-to-day operations were not interrupted, as all copies were used in production environments.
The solution was to create a new consolidated CRM that would receive real-time data from other systems. Although the data was extracted from the active systems, the data was tracked, identified and cataloged in an easy-to-match model developed for the English Government, to track and share personal data between departments. The solution was able to quickly consolidate data from the various CRM systems and disable legacy sources one at a time, in a non-risky way. The company was able to reduce expenses with the CRM provider and was able to quickly comply with GDPR for this small data set.
Tracking Personal Data
Large foreign exchange retailer, with decentralized customer management systems, operating in more than 30 countries. The main challenge was to extract and track data from European citizens living in foreign countries. The company had several fragmented CRM systems and often used unions to physically handle transactions with customers, using shared file systems. The unions stored personal data in spreadsheets and emails.
The solution included extracts of emails and files located in Office 365, DropBox and Google Drive almost in real time. The data was compared with 3 different CRM systems and incompatible records were flagged for manual intervention. The company found it especially useful to get rid of obsolete records that had incorrect or incompatible details.