Enterprise data is complex and snowballing. Privacy and data/IT teams have the impossible job of protecting the data while data is ubiquitously available across the organization. Organizations often focus on data discovery and classification. But they fail to apply similar rigor to analyze who is using the data and how it is used.
Unfortunately, in reality, most privacy fines are caused by non-compliant processing activities. Refer to the chart below that summarizes GDPR fines to date. 55% of the penalties are for processing activities. Therefore, understanding who uses the data and how they use it becomes critical.
For instance, Twitter was recently fined $150M for using customers' phone numbers that weren't intended for marketing purposes.
Delivering privacy and meeting compliance depends on many factors, including:
Current data discovery/classification tools focus on finding personal data (WHAT). But data discovery tools don't analyze the users (WHO) and activities (HOW). As a result, businesses spend months after completing a data discovery exercise to understand the risks and meet compliance.
Protecto tackles the questions that data discovery/ classification tools don't answer. We help companies holistically answer the following privacy questions.