Do you know where all your sensitive data is?

Companies across the EU know they need to become GDPR complaint by the 25th of May this year. GDPR will affect some businesses. more than others but the large majority of companies will have to increase their level of security around the PII data they collect and how they store it. But before they can go ahead and do this they first have to find out where their sensitive data is currently stored and figure what to do with it.

All businesses want to protect the data they collect but how can you protect something if you don’t know where it is?

Ask any IT manager in the EU today if finding out where their sensitive data is across their network is simple, without a tool to use, and I guarantee you won’t like their response! In simple terms finding that data right now is a long and laborious process which takes time! Time is something every business doesn’t have a lot of let alone the already under pressure IT department. So discovering that data for all businesses has to be a priority.

Businesses have to know what data is relevant under GDPR, what systems and departments hold the most sensitive data, who’s workstation or cloud storage has sensitive data on it which might put the business at a higher state of risk if they were to be breached.

There seems to be some misconception around the Cloud. As most companies have a lack of understanding what sensitive data is being stored there and they themselves must take responsibility to secure. GDPR guidelines clearly state if you are storing sensitive data irrespective of where you have to take steps is secure it. This is a great example of needing the correct tool that can discover and remediate sensitive data across your entire network nit just certain parts of it.

Deleting all your sensitive data is like cleaning all the dust in your house, it always comes back. So you need continuous monitoring.

At Ground Labs, we use an analogy of cleaning your house being similar to cleaning up your sensitive data. You can vacuum and the dirt is gone but you are not going to clean your house once. The dirt will always find its way back into the house. This is similar to sensitive data, once you manage to clean it up, it will always find a way back into your business. So the tool you choose has to be able to continuously look to discover and monitor where your sensitive data is.

This where the correct data discovery tool plays a major factor in finding your sensitive data. Such a tool as data security at its core and it allows organisations to constantly track where the sensitive data. I’m sure some of you will be asking the question, “could we not find our own sensitive data?”

Maybe…but to discover and identify where every last instance of sensitive data is across your entire network has to be the foundation of your compliance for GDPR. The hefty fines of 4% of global turnover or 20 Million, if you get something wrong, should not be taken lightly.

A discovery tool can provide business insights into exactly where the sensitive data is and give options to make some quick wins by remediating the data found. By having a tool in place the process of discovering data becomes an ongoing process.


Instead of eating into the IT departments already hefty schedule, you need to find a tool that works for your company. As your GDPR compliance project continues past the deadline having such a tool will become invaluable to help you fight cybercrime and the possibility of a data breach.

Want to keep up with all our blog posts? Subscribe to our newsletter!