Skip to content
English
Contact us Customer portal Sign in
  • There are no suggestions because the search field is empty.

FAQ

Most frequently asked questions when rolling out the Data&More data cleanup tool in an organisation

 

# What is the Data Protection Regulation?

The Data Protection Regulation is a regulation adopted by law of Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, etc.

# Why am I involved in the GDPR cleanup project?

To ensure that the company complies with and complies with the Danish Data Protection Agency's guidelines on the protection of personal data. In keeping with the Data Protection Regulation, management has chosen to use an automated clean-up tool.

# What does the clean-up tool do?

The cleanup tool scans and identifies potentially non-compliant data in emails and files. It enables each employee to handle sensitive personal data correctly, quickly and simply.

# When do I know what to do?

All employees involved will receive notification by email with further guidance and information.

# What should I do during the scanning process?

Don't do anything - this is an automated process in which selected sources, such as emails or file drives are scanned for specifically sensitive data such as Social Security numbers.

# Can this scan mean anything in terms of my work, career, litigation, etc. ?

No - it is the company's responsibility that the Data Protection Regulation is complied with. The company can be fined, but not as a rule the individual employee. 

# What if you find sensitive data that I own?

In the cleanup report, the individual employee can see the sensitive data that has been found, which is probably in violation of the Data Protection Regulation. You will be guided in what to do.

# Can other employees view my notification report?

No, the cleanup report is personal and addressed only to the owner of the email or file drive.

# Who can see my data?

The scanning tool has not been granted new rights that the IT department does not already have. The security committee / project team has access to the solution and will carry out random checks to ensure that the solution finds and handles emails as expected and that the solution is not misused.

# Does the Solution Continuously Reanalyze New and Existing Data?

The Data & More Compliance solution is engineered to perpetually monitor and analyze both new and existing data. Given the voluminous nature of some data repositories, the scanning process can extend over weeks or even months. This comprehensive analysis involves examining all files and applying Optical Character Recognition (OCR) to images, converting them into machine-readable text formats. This meticulous process is inherently time-consuming.

Scanning is not conducted based on the age of the data but rather, it proceeds one folder at a time, irrespective of the data contained within.

At the core of our system is a dedicated classification team, which is committed to refining our data classification mechanisms. This team leverages insights gathered from +75,000 users across various languages, customer demographics, and industry sectors. Feedback on false positives—data incorrectly identified as personally identifiable information (PII)—and false negatives—PII that was overlooked—is integral to our enhancement process. More details can be found on the Data & More Classification page.

The more precise the classification, the better it is for the end user. Therefore, we are committed to continuously improving the classification and reclassifying all data. This may lead to the discovery of Personally Identifiable Information (PII) in older data that was not previously identified. Such findings are not mistakes; they indicate our classification's improvement. This is an ongoing process. Furthermore, new classifications are continuously developed and implemented as new data protection rulings mandate the identification of new types of data.

 
This iterative process is crucial for the ongoing refinement of our global classification system, enabling it to consistently identify and dynamically reclassify PII within both newly ingested and previously stored data.

# When I have first processed any sensitive data after the scan - so what?

The scan is continuous, and it is a forward process to be GDPR-compliant. You will periodically receive cleanup reports when there is sensitive personal data in your email or files.

# How often is my data scanned?

Data is scanned continuously, this also applies to new data.

# What about my private emails?

The solution takes into account private content that is in email messages and on file drives. For example, leaflets/folders containing the wording/heading "private" will not be included in the cleanup report. Private emails must be placed in your private folder, named Private. Please note that business-related content may not be stored in your private leaflet.

# What happens if user doesn't do anything with data in the cleanup report?

In the cleanup report, you have the possibility of marking emails and files so that they are not cleaned up automatically. If this is not done within the timeframe specified by your organisation, the emails or files will be moved to the GDPRvault and then deleted.

# What happens if I mark with "Private"?

All emails and files that are marked "Private" will be exempt from the report and will not be included in future cleanup reports.

# What happens if I mark with "Misclassified"?

All emails and files will be marked with "Misclassified" will be exempt from the report. You should only mark email and files with "Misclassified" if you believe that they do not contain sensitive personal data.

# What happens if I mark with "Dispensation"

All emails and files marked "Dispensation" remains on the clean-up report until the “Dispensation” is removed. Dispensation is used for data that relates to an ongoing matter and therefore is relevant to keep.

Why are there old data points in my report that weren't included in the previous version?

A: Discovering old data in your current report, which was absent in the previous versions, can be attributed to several factors. Understanding these can help you address the issue more effectively:

  1. Data Syncing Delay: Sometimes, the system or platform collecting data experiences delays in syncing or processing information. This means data generated previously might only appear in the system during the next reporting cycle.

  2. Data Retrieval Errors: Errors or glitches in the data retrieval process can lead to incomplete data extraction. These errors, once resolved, can lead to the appearance of previously unreported data in the latest reports.

  3. Changes in Data Sources: If the sources from which data is pulled have been expanded or modified, this could introduce historical data previously not included or considered relevant.

  4. Reporting Period Adjustments: Adjustments to the date range or the reporting period can result in the inclusion of data from different time frames, potentially bringing in older data points.

  5. Data Cleaning and Processing: The process of data cleaning and validation might have identified and corrected previously unnoticed errors or gaps, leading to the incorporation of data that was omitted or considered invalid in past reports.

  6. System Reclassification and Improvements: Reclassification of existing data categories and improvements in data processing algorithms can lead to the inclusion of historical data that was previously classified differently or overlooked due to less sophisticated analysis methods.

  7. User-Defined Filters or Settings: Changes in report settings or filters, either by users or defaults set by system updates, can alter the scope of data being reported, potentially including data that was previously filtered out.

  8. Due to synchronization issues with Entra ID, recent changes in the source scope have not been fully propagated. The user in question has not previously been a member of the Active Directory (AD) group currently included in the scan
  9. Changes in the scope of a legal hold: Whe users are no longer subject to a legal hold, their data may become eligible for notificdaion.

Old data in new reports are to be expected for all of the above reasons and is part of the GDPR cleanup process. What is important is that you verify that the data should be deleted.

# What should I do when my Azure App Registration secret is about to expire?

"Our app registration secret is expiring — what's the procedure?" Some tickets were marked urgent because the secret had already expired, causing complete loss of access to the solution. This is a time-sensitive issue where proactive self-service documentation would prevent both customer panic and reactive support load. 

Suggested Answer:

When your Azure App Registration secret is nearing expiry, follow these steps:

  1. Generate a new secret in your Azure portal under the App Registration used for the Data & More solution. Set an appropriate expiry period (we recommend 24 months).
  2. Send the new secret value to Data & More support at support@dataandmore.com, along with your App ID and workspace name.
  3. Wait for confirmation — our team will update the secret on our end and confirm when it's active.
  4. Delete the old secret from your Azure portal only after you receive confirmation from us.

Important: Do not delete the old secret before we confirm the new one is in place — this will cause an immediate access outage. We recommend setting a calendar reminder 30 days before your secret's expiry date to avoid disruption.

#Why are users getting "Access Denied" when opening their cleanup report link?

The issue is consistently a technical one: the link requires the user to be logged into a Microsoft account that matches their organizational email, or the report link has been regenerated. Customers are confused and treat it as an outage. 

Suggested Answer:

If you receive an "Access Denied" error when opening your cleanup report link, try the following:

  1. Ensure you are signed in with the correct account. Open the link in a private/incognito browser window and sign in with your work email address (the same one the report notification was sent to).
  2. Check for multiple Microsoft accounts. If you are signed into multiple Microsoft 365 accounts in your browser, switch to your work account before opening the link.
  3. Ask your IT administrator to verify that your user account is included in the policy or Azure AD group assigned to receive reports.
  4. Request a fresh link from your IT administrator if the original link was sent more than 30 days ago — report links may be regenerated after system updates.

If the issue affects all users in your organization simultaneously, contact support as this may indicate a configuration change that requires attention.

#How do I add a FileShare as a data source, and what are the requirements?

"I can't add or scan a FileShare source" (no sources appear in the UI) to VPN connectivity issues and custodian resets. These are all symptoms of the same underlying knowledge gap: customers don't know the network/connectivity prerequisites for FileShare scanning. This affects IT admins during onboarding and after infrastructure changes.

Suggested Answer:

To add a FileShare as a data source in Data & More, the following requirements must be met:

  1. Network connectivity: The Data & More scanning server must be able to reach the FileShare over the network. If your FileShare is on-premises, a VPN connection or network route to the scanning server is required. Contact your network team to verify connectivity.
  2. Permissions: The service account used by Data & More must have at least read access to the FileShare root and all subfolders you wish to scan.
  3. Adding the source: In the Data & More admin portal, navigate to Sources → Add Source → FileShare and enter the UNC path (e.g. \\server\share). If no FileShare option appears, your account may not have the FileShare module enabled — contact support.
  4. Custodian assignment: After adding the source, assign a Data Owner (custodian) for each top-level folder. If custodian assignments are unexpectedly reset, this is typically caused by a re-sync — contact support to restore previous assignments.

If the FileShare does not appear or cannot be reached after setup, verify VPN/firewall rules and that the service account credentials are current.

# Do managers receive a separate GDPR report, and how do they access it?

The Manager Report is a distinct feature causing recurring support questions, particularly from customers rolling out the solution to larger teams.

Suggested Answer:

Yes, Data & More provides a separate Manager GDPR Report in addition to the individual employee cleanup report.

What it contains: The Manager Report gives team managers an aggregated overview of their direct reports' data cleanup status — including how many items have been processed, are pending, or remain unaddressed. It does not show the specific content of individual employees' sensitive data.

Who receives it: Managers are included in the report distribution when they are designated as a manager in your organization's Azure Active Directory (via the "Manager" attribute) and are within the scope of your active policy.

How to access it: Managers receive an email notification with a personal report link, the same way employees do. If a manager is not receiving their report, ask your IT administrator to verify their Manager attribute in Azure AD and that they are within the policy scope.

Note for IT administrators: Manager reporting must be enabled in your policy configuration. If it is not active for your workspace, contact Data & More support to enable it.

# The scanning agent (Universal Profiler) has stopped — what should I do?

The Universal Profiler / scanning agent stopping unexpectedly across different customer servers. IT admins are unsure whether to restart it themselves, wait, or escalate. Because the scanner stopping means no new data is being processed, it has a direct compliance impact. 

Suggested Answer:

If you notice that the Data & More scanning agent (Universal Profiler) has stopped on your server, take the following steps:

  1. Verify the service status: On the server hosting the scanner, check Portainer Services for the "Universal Profiler" service. If it shows as Stopped, note the time it stopped and any Event Log errors.
  2. Attempt a restart: You can safely restart the Universal Profiler service. It will resume scanning from where it left off — no data will be lost or duplicated.
  3. Check for common causes: The profiler may stop due to low disk space on the server, an expired service account password, or a network interruption. Verify these before restarting.
  4. Contact support if it recurs: If the profiler stops repeatedly, open a support ticket at support.dataandmore.com and include the server name, the time(s) it stopped, and any relevant Event Log entries. Our team will investigate the root cause.