FAQ

Most frequently asked questions when rolling out the Data&More data cleanup tool in an organisation

 

# What is the Data Protection Regulation?

The Data Protection Regulation is Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, etc.

# Why am I involved in the GDPR cleanup project?

To ensure that the company complies with the Danish Data Protection Agency's guidelines on the protection of personal data. In keeping with the Data Protection Regulation, management has chosen to use an automated clean-up tool.

# What does the clean-up tool do?

The cleanup tool scans and identifies potentially non-compliant data in emails and files. It enables each employee to handle sensitive personal data correctly, quickly and simply.

# When will I know what to do?

All employees involved will receive notification by email with further guidance and information.

# What should I do during the scanning process?

Don't do anything - this is an automated process in which selected sources, such as emails or file drives, are scanned for particularly sensitive data such as Social Security numbers.

# Can this scan have consequences for my work, career, litigation, etc.?

No - it is the company's responsibility that the Data Protection Regulation is complied with. The company can be fined, but as a rule the individual employee cannot.

# What if you find sensitive data that I own?

In the cleanup report, the individual employee can see the sensitive data that has been found, which is probably in violation of the Data Protection Regulation. You will be guided in what to do.

# Can other employees view my notification report?

No, the cleanup report is personal and addressed only to the owner of the email or file drive.

# Who can see my data?

The scanning tool has not been granted new rights that the IT department does not already have. The security committee / project team has access to the solution and will carry out random checks to ensure that the solution finds and handles emails as expected and that the solution is not misused.

# Does the solution continuously reanalyze new and existing data?

The Data & More Compliance solution is engineered to perpetually monitor and analyze both new and existing data. Given the voluminous nature of some data repositories, the scanning process can extend over weeks or even months. This comprehensive analysis involves examining all files and applying Optical Character Recognition (OCR) to images, converting them into machine-readable text formats. This meticulous process is inherently time-consuming.

Scanning is not conducted based on the age of the data but rather, it proceeds one folder at a time, irrespective of the data contained within.

At the core of our system is a dedicated classification team, which is committed to refining our data classification mechanisms. This team leverages insights gathered from more than 75,000 users across various languages, customer demographics, and industry sectors. Feedback on false positives—data incorrectly identified as personally identifiable information (PII)—and false negatives—PII that was overlooked—is integral to our enhancement process. More details can be found on the Data & More Classification page.

The more precise the classification, the better it is for the end user. Therefore, we are committed to continuously improving the classification and reclassifying all data. This may lead to the discovery of Personally Identifiable Information (PII) in older data that was not previously identified. Such findings are not mistakes; they indicate our classification's improvement. This is an ongoing process. Furthermore, new classifications are continuously developed and implemented as new data protection rulings mandate the identification of new types of data.

 
This iterative process is crucial for the ongoing refinement of our global classification system, enabling it to consistently identify and dynamically reclassify PII within both newly ingested and previously stored data.

# Once I have processed the sensitive data found by the scan, what then?

The scan is continuous, and staying GDPR-compliant is an ongoing process. You will periodically receive cleanup reports when there is sensitive personal data in your email or files.

# How often is my data scanned?

Data is scanned continuously; this also applies to new data.

# What about my private emails?

The solution takes into account private content that is in email messages and on file drives. For example, folders containing the wording/heading "private" will not be included in the cleanup report. Private emails must be placed in your private folder, named Private. Please note that business-related content may not be stored in your private folder.

# What happens if a user doesn't do anything with the data in the cleanup report?

In the cleanup report, you have the possibility of marking emails and files so that they are not cleaned up automatically. If this is not done within the timeframe specified by your organisation, the emails or files will be moved to the GDPRvault and then deleted.

# What happens if I mark with "Private"?

All emails and files that are marked "Private" will be exempt from the report and will not be included in future cleanup reports.

# What happens if I mark with "Misclassified"?

All emails and files marked "Misclassified" will be exempt from the report. You should only mark emails and files with "Misclassified" if you believe that they do not contain sensitive personal data.

# What happens if I mark with "Dispensation"?

All emails and files marked "Dispensation" remain on the clean-up report until the "Dispensation" is removed. Dispensation is used for data that relates to an ongoing matter and is therefore relevant to keep.

# Why are there old data points in my report that weren't included in the previous version?

Discovering old data in your current report, which was absent in the previous versions, can be attributed to several factors. Understanding these can help you address the issue more effectively:

  1. Data Syncing Delay: Sometimes, the system or platform collecting data experiences delays in syncing or processing information. This means data generated previously might only appear in the system during the next reporting cycle.

  2. Data Retrieval Errors: Errors or glitches in the data retrieval process can lead to incomplete data extraction. These errors, once resolved, can lead to the appearance of previously unreported data in the latest reports.

  3. Changes in Data Sources: If the sources from which data is pulled have been expanded or modified, this could introduce historical data previously not included or considered relevant.

  4. Reporting Period Adjustments: Adjustments to the date range or the reporting period can result in the inclusion of data from different time frames, potentially bringing in older data points.

  5. Data Cleaning and Processing: The process of data cleaning and validation might have identified and corrected previously unnoticed errors or gaps, leading to the incorporation of data that was omitted or considered invalid in past reports.

  6. System Reclassification and Improvements: Reclassification of existing data categories and improvements in data processing algorithms can lead to the inclusion of historical data that was previously classified differently or overlooked due to less sophisticated analysis methods.

  7. User-Defined Filters or Settings: Changes in report settings or filters, either by users or defaults set by system updates, can alter the scope of data being reported, potentially including data that was previously filtered out.

Old data in new reports is to be expected for all of the above reasons and is part of the GDPR cleanup process. What is important is that you verify that the data should be deleted.