Are You Striking Out With Your DSAR Duties?
“In baseball, my theory is to strive for consistency, not to worry about the numbers. If you dwell on statistics, you get shortsighted; if you aim for consistency, the numbers will be there in the end.” -Tom Seaver
Over the last few weeks, I have had a number of conversations with different customers that were struggling to keep up with the support/consulting/internal resources required to use their first generation and often inaccurate and out-of-date Personal Data Mapping (AKA’ Discovery’) tools. I posed the same question to each of the prospects that were looking to switch vendors. “You are very technical, and obviously know your business well – why would you use a solution that was obviously not built for consistent enterprise-grade network discovery?”
The ‘behind-the-answers’ answers were essentially the same:
Everyone else is using it – and no one ever got fired for using <Insert trusted vendor here>.
The problem is that Personal Data Discovery without real security principles (such as Zero Trust) leaves a gap that exposes the enterprise – and stakeholders have recently started to realize that.
Yes, you’ve ticked the checkbox. But is it the right checkbox?
These are the questions victims of ‘Mapping sold as Discovery’ solutions are asking us now.
Can your solution tell me consistently and sustainably where personal data is that it shouldn’t be – check.
One of the problems we have had is if we tell the system where the personal data is for ‘discovery,’ how can I trust it to tell me where any personal data is, and it shouldn’t be – check.
Can your system, consistently and sustainably, create accurate data lineage across all copies and partial copies of the personal data so I can have a high level of confidence? Extra points if it can be done in an automated way to reduce risk – check.
Can your system consistently and sustainably give me a 100% confidence level that if we get an SRR request, it is a real request around data transacted or used by our enterprise? We are having a massive amount of requests; we can’t keep up with the bogus ones – check.
Can your system, on an ongoing basis, tell me if all personal data is protected as the fines for breach, in this case, are much higher – check.
Can your discovery scale to our size environment as it is not scalable to continuously copy data from our Databases to a mapping solution? We have a huge network – check.
Can your solution consistently and sustainably ensure the data quality we need to be able to discover all uses of personal data and related data, so we have a high level of quality – check.
Do these questions sound familiar? Are you struggling with some of these issues? Schedule a call today and Discover how 1touch.io can help!