LATEST INSIGHTMAKER RELEASE: Discover the new features coming to InsightMaker in our Oslo release

Case Studies    Wesleyan

How Wesleyan used InsightMaker to manage GDPR compliance

Using InsightMaker, Wesleyan are confident they have a regulatory compliant solution for managing personal data on their network drives.

Aiimi Services

InsightMaker

Client Overview

Wesleyan

Insurance

Play Video Icon

The Challenge

Wesleyan faced the challenge of how to manage all the personal data created in their systems before the GDPR came into force in May 2018.

When the GDPR hit in May 2018, financial consultants Wesleyan introduced a ‘people, processes and policies’ approach. They educated their employees who managed personal data, updated their policies and redesigned their processes surrounding personal data to be compliant with regulation. But in doing so, they revealed a challenge: what to do about all the personal data created before the introduction of their policies in May 2018? Could they say with confidence that their employees were actually adhering to these processes and policies – or that they would in the future if they went through a merger or acquisition, and had new data sets flooding into the business? As Ross Easterby, Wesleyan’s Data Governance Manager put it, “customers...expect us to do more and get it right first time. Data helps us find new opportunities, and there’s always a regulatory concern. We want to take care of our data and manage it for our customers in a respectful and good way.”

Our Solution

InsightMaker enabled Wesleyan to crawl and index their network drives to find where sensitive information was stored.

Working with Aiimi, Wesleyan created a ruleset to determine the definition of sensitive material – for example, defining what a piece of personally identifiable information is. Some of them were standard and used by everybody...a national insurance number for instance, or a Wesleyan-specific policy number. They needed to program InsightMaker so it knew what to look for. Then, using InsightMaker, Wesleyan crawled and indexed all their network drives to find their sensitive information. InsightMaker assessed each file with a triangulation of three factors: the number of subjects who had personal data contained in the file, the number of personal data entities (such as credit card details, NI numbers, addresses, personal details) and how visible the file was to their users. InsightMaker used an algorithm to automatically work out these three pieces of information, in order to work out which files were low risk, medium risk or high risk. For instance, a document that could only be accessed by a handful of users and contained just one piece of low risk personal data could be given a low risk profile. In contrast, a collection of documents that were accessible by the whole organisation and contained personal bank details clearly present a high risk for breach.

The Results

Using InsightMaker, Wesleyan are able to confidently locate personal data across their network drives. Good quality data management has also helped them to reduce departmental sorage usage by up to 40%.

The initial results show that the problem Wesleyan anticipated was bigger than they thought, but with the ruleset they programmed, they were confident they could scan their network drives and documents, and take action. Besides finding documents and deleting them, what Wesleyan found is that by talking about unstructured data with managers across the firm, the importance of data and why good quality management of data could support their strategic goals really shone through. As Ross puts it, “When we deployed InsightMaker to a particular department we typically saw a reduction in the number of files being stored...between 10% and 40%, and then there’s an equivalent reduction in the amount of storage space that’s being used by that particular network drive for that department. InsightMaker delivers on our use case – we wanted to define where our personally identifiable information was stored on network drives, and we succeeded in that goal. We are confident we have a regulatory compliant solution...I’m really pleased."

Get in Touch

Have a project in mind?

We'd love to chat with you and find out how we can help solve your unique challenges.

Aiimi Logo