x

Search the Findwise web

GDPR compliance

A GDPR-compliance case

How does an organization work compliant AND efficient?

Challenge

The customer, a Union in the Nordics with more than 1.000 employees, knew that employees traditionally used Outlook to share- and store information about members. Furthermore, they have a system that added information to their employee’s calendars, when a member booked a meeting online. This means that you might find personal information about members in Outlook calendars, from previous meetings dating back as far as the booking system. The management has a 0-tolerance policy when it comes to Outlook and GDPR critical legacy data. However, cleaning the e-mail accounts and calendars would take several weeks, since Outlook has been such an important- and frequently used tool in the day-to-day work.

Solution

Using components from our Findwise i3 framework combined with the popular Open Source search engine Elasticsearch Findwise indexed all the customer’s email accounts, looking into the mail body as well as attachments and calendar events. Findwise solution makes it possible to filter on the emails the user will need to address, setting aside the thousands of mails that are irrelevant in regard to GDPR. Findwise indexed:

  • Mail bodies and subjects
  • Attachments
    o Word
    o Excel
    o PDF
    o PowerPoint
  • Calendar events

We added a category to ALL the user’s Outlook account called “Contains Social Security Number”, giving them the possibility to find Social Security Numbers. In addition, the indexed data is shown in a dashboard created for relevant HR staff, to monitor the progress of the cleanup-exercise. Social Security Numbers are obscured, to avoid duplicating the critical information.

Result

The added a category to the user’s Outlook account, will let them filter their mails by whether or not they contained Social Security Numbers, which drastically reduces time needed for the employee to clear out GDPR critical information from his/hers e-mail account. Moreover HR will be up to date on the progress of the cleanup and training around user’s behavior/workflows can be coordinated on the basis of the overview in the dashboard. In the event of RTE enquiries (also known as The Right to be Forgotten), this is essentially a one point of entry. HR can look up a specific social security number and create a report for the person enquiring.

In this case, the report would show relevant content across all e-mail accounts. But since we used search technology it’s possible to integrate additional sources and effectively handle RTEs across the entire organization in seconds, for instance fileshare or the intranet.

Technologies used on A GDPR-compliance case

We build search solutions based on any platform and have partnerships with all leading vendors.

Elastic (Elasticsearch) - A powerful component for modern search technology.
Findwise i3 - Turning your search engine into an insight engine.