We helped the UK Government identify and consolidate personal data, and store it safely in cloud environments, enabling data sharing between government departments.
To achieve this, we had to fulfill several requirements:
- Highly Scalable (capable of storing trillions of records) and fully automated platform
- Multiple Data Formats
- Open Source
- Real time data analysis and reporting
We help large companies quickly generate data leakage reports, including the number of natural persons impacted by the data breach, as well as data sources. Given the short period of 72 hours to report a data leak, having automated report generation is crucial to comply with GDPR, and reduce reputational damage.
In one case, the source of the data leak was a phishing attack on a shared corporate email inbox used by the marketing department. Pontus Vision was able to quickly produce a report with the total number and names of all the natural persons whose personal data was leaked. Without Pontus Vision, it would have been complex and time-consuming to identify which records were impacted, as many were stored in e-mail attachments that would have taken longer to read than the 72 hours allowed. Pontus Vision automatically maps all the personal data as it arrives, making automatic reporting a trivial task.
DSARs and Consent Management
Under GDPR and LGPD, natural persons can make DSARs (data subject access requests) at any time. A DSAR can request that all the personal data be released, updated, or deleted. The deadline to complete a request is 30 days for GDPR and 15 days for LGPD.
In this case, a major publisher was struggling to manage the high volumes of DSARs, as each request was fulfilled manually. After the introduction of Pontus Vision, the client was able to fulfil 100% of the requests within the law’s deadlines, and reduced the mean time to produce a report from days to seconds.
GDPR Group Compliance
Private Equity company with a portfolio of several medium-sized companies, ranging from supermarkets to clothing stores. The main challenge was to ensure that, as the controller of multiple ventures, there was a single view of compliance risk reporting across the portfolio.
The solution included extracts of structured and unstructured data from all organizations in near real time. The data was mapped using the POLE model, enabling the tracking of customer data and DSAR requests processed in seconds. DSAR requests were handled both on a venture-by-venture basis, and for the entire portfolio in the same way, without incurring extra expenses. Portfolio managers were able to quickly discover discrepancies in the CRM systems, as well as many records of buyer customers, from outside marketing companies, who had not given any consent.
Large financial organization that had multiple copies of the cloud-based CRM that needed to be consolidated. The main challenge was to ensure that day-to-day operations were not interrupted, as all copies were used in production environments.
The solution was to create a new consolidated CRM that would receive real-time data from other systems. Although the data was extracted from the active systems, the data was tracked, identified and cataloged in an easy-to-match model developed for the English Government, to track and share personal data between departments. The solution was able to quickly consolidate data from the various CRM systems and disable legacy sources one at a time, in a non-risky way. The company was able to reduce expenses with the CRM provider and was able to quickly comply with GDPR for this small data set.
Tracking Personal Data
Large foreign exchange retailer, with decentralized customer management systems, operating in more than 30 countries. The main challenge was to extract and track data from European citizens living in foreign countries. The company had several fragmented CRM systems and often used unions to physically handle transactions with customers, using shared file systems. The unions stored personal data in spreadsheets and emails.
The solution included extracts of emails and files located in Office 365, Dropbox and Google Drive in near real time. The data was compared with 3 different CRM systems and incompatible records were flagged for manual intervention. The company found it especially useful to get rid of obsolete records that had incorrect or incompatible details.