Locate and Protect GDPR-Related Sensitive Data in SharePoint


The General Data Protection Regulation (GDPR) established rules for handling personal information in the EU. And with strict penalties for noncompliance, it puts the onus on businesses like yours to know where all their GDPR-related data is located and how it’s treated. 

With GDPR, companies must follow strict guidelines on the collection, use, protection, and deletion of personal information. Citizens also have rights under GDPR, including the right to know what information has been collected, how it is used, and most importantly, the right to be forgotten. Finally, the rules not only apply to organizations within the EU, but also to any organization that collects personal data about EU citizens. Therefore, many companies in the U.S. must also comply or risk penalties.

Unfortunately, locating, tracking and protecting personal information across a wide range of repositories is a difficult task. Databases can be centralized, but it becomes much harder to govern personal information once it “leaks” out into reports, emails, and documents.

Why You Should Use Egnyte to Find GDPR Data in SharePoint

Many organizations use Microsoft SharePoint in conjunction with other Microsoft 365 tools for their workflows and processes, which makes their files more difficult to govern for GDPR. 

Egnyte customers have always been able to discover personally identifiable information (PII) covered by GDPR in their Egnyte file system. This could include data such as names, ID numbers, location data, or other personal online identifiers. But you can use the platform to find PII in a host of other content repositories, including SharePoint. 

More importantly, Egnyte’s AI uses context information to decide whether a string of digits is a personal identifier or just a partial number. Once the information has been located, Egnyte flags potentially sensitive content in your dashboard, and you can even put in guardrails to limit information sharing outside your organization.

In short, once you’ve completed the quick setup process outlined below, Egnyte will automatically find the information, highlight it, and protect it. This helps your organization remain in compliance and protect your customers’ information without any heavy lifting from your IT staff. 

How To Find GDPR-related Content With Egnyte

To find GDPR-related content in SharePoint, you’ll use Egnyte’s Secure & Govern smart content governance solution, which includes services for classification, access control and lifecycle management.

Add SharePoint to Your Content Sources

For this task, you’ll use the Content Classification engine. Open Secure & Govern, and then select the Content Sources tab.

You'll need to add SharePoint to the list of “Cloud Content Sources.” Select Add Cloud Source, then Microsoft Content Source. You will then be led through a series of steps to authenticate Egnyte and your Microsoft account, which gives Egnyte access to the drive.

The Content Classification engine has already been trained to identify PII according to GDPR guidelines. Therefore, the only step remaining is to begin the information scan. 

Set Up a Policy for GDPR Scans

Go to Policies under Content Classification and click on General Data Protection Regulation under the General Privacy tab. Keep in mind that, as a result of Brexit, there are now two separate versions of the regulations—GDPR and UK GDPR. Click on the most appropriate regulations for your company’s requirements. 

You can also define the scope of your policies. A “Broad” policy is a more sweeping scan and may pick up additional data that is not PII. A “Narrow” policy only detects the national identifiers, personal health identifiers, and banking information of the citizens of all 27 EU countries. A broad policy is more inclusive, so you are more likely to receive alerts on information that is not PII. However, by providing this option, Egnyte lets you tune the sensitivity to the needs of your organization. 
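The trade-off between a broad and a narrow scope can be illustrated with a small scanner for one kind of banking identifier, the IBAN. This is an added example, not Egnyte's classifier or any code from Egnyte; the function names, the sample lines, and the use of the IBAN mod-97 checksum as the "narrow" test are assumptions made for illustration.

```python
import re

# Illustrative only: not Egnyte's detection logic.
# Loose shape: country code, two check digits, 11-30 more alphanumerics,
# optionally separated by single spaces.
CANDIDATE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b")

def iban_checksum_ok(candidate: str) -> bool:
    """ISO 13616 check: move the first four characters to the end,
    map letters to numbers (A=10 ... Z=35), and test mod 97 == 1."""
    s = candidate.replace(" ", "").upper()
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

def scan(lines, scope="narrow"):
    """Return (line_number, match) pairs.
    broad  -> anything with an IBAN-like shape (more false positives)
    narrow -> only shape matches that also pass the checksum"""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in CANDIDATE.finditer(line):
            if scope == "broad" or iban_checksum_ok(m.group()):
                hits.append((no, m.group()))
    return hits

# Constructed sample content. Lines 1 and 2 use the widely published
# example IBANs; line 3 has the same shape but a failing checksum.
SAMPLE_LINES = [
    "Refund to IBAN DE89 3704 0044 0532 0130 00 approved",
    "Payee account GB82 WEST 1234 5698 7654 32 on file",
    "Shipping label ref DE89 3704 0044 0532 0130 01 printed",
    "Meeting moved to room 4, call ext 5521",
]

if __name__ == "__main__":
    for scope in ("broad", "narrow"):
        print(scope, scan(SAMPLE_LINES, scope))
```

The broad pass flags the shipping reference as well as the two real account numbers, while the narrow pass drops it, which is the kind of extra alert a broader policy produces.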

Also, during your initial setup, you should consider adding privacy policies from other jurisdictions that pertain to your business. Egnyte supports various additional privacy regulations from the UK, as well as those from several U.S. states and Canada. It’s useful to scan for these policies in case a citizen from the UK, Canada, or the U.S. is living in the EU. 

After making your selections, Egnyte will scan all repositories, including SharePoint, for any information that matches the regulations you selected for your policy.

After the initial scan is complete, Egnyte will report the presence of sensitive PII content on the Sensitive Content tab of the Secure & Govern page. There, you'll see all the sensitive data that Egnyte has identified, and you can click on an alert to see a recommendation for how to manage it.

When you select a particular alert on the list, the right pane includes details on that alert, along with a recommended “one click” fix.

You can also click on Show Selected Content to see the actual data that’s in violation of the policy. You can open the actual folder to go to the file in question, or export a list of identified files.

In some cases, PII is included in a file with other information that may not be sensitive. In that case, you may want to send a list of affected files to the data owner to ask if the entire file should be deleted, or if only the sensitive PII should be redacted from the file.

Add Safeguards for Securely Sharing PII

With Egnyte, you can do more than just find GDPR-related data; you can also control how your users share PII. 

Select the Content Safeguards tab, and create a safeguard policy aligned to the content policy that you already created. We also recommend that you use private links to restrict the sharing of PII for specific content. Private links are only accessible to designated Egnyte users within your account. You can also use a password-protected public link for external sharing.

Once you’ve made your selections, simply click Create Policy and Egnyte will begin protecting your sensitive PII that’s covered by GDPR.

To Learn More

To learn more about Egnyte’s capabilities, watch and share our webinar about managing threats to GDPR compliance.
