DATA PROTECTION scanning databasesquickandeasy. authorities across . Luckily, technologycanprovide ahelpinghand, making can beatimeconsuming,manualtaskforanyorganization, includingdataprotection and preventing databreaches thanever. becomesmore important Findingbreaches In lightoftheEuropean Union’s new General DataProtection Regulation(GDPR),finding public registries How to avoid breaches in WHITEPAPER

nortal.com How to avoid breaches in public registries Avoiding breaches in public registries made easier

Organizations dealing with public information are facing a huge challenge as the European Union’s new General Data Protection Regulation will be enforced in May next year. The open transmission of data and public databases are a must in societies that want to be transparent and democratic. But how can we ensure that sensitive personal information does not end up on a public website, available to everybody?

Public document registries are an important part of ensuring the transparency of the government, but at the same time an effort has to be made to make sure there is no sensitive personal data freely accessible online for whoever knows the right search words.

Problem What will happen?

Although many business processes are the hands of criminals, no personal data As of May 25, 2018, the new digital and/or paperless already, there should become public as a consequence. European General Data Protection is still a considerable amount of work Regulation will be applicable. This will In order to accomplish transparency, impose worldwide requirements for that involves documents on paper. There many public institutions have been organizations that process the personal are tasks to perform when receiving, forced to make documents regarding data of EU residents. processing, sending and archiving their day-to-day activities public. But The impact will be severe. Anyone who documents, either as a main business in many cases these documents, processes personal data in the EU will process or as a supporting function in a available online, contain sensitive be subject to tighter regulation than larger business process. personal information. Ensuring that such what has been the norm so far. breaches of privacy do not happen has What data are influenced? Documents on paper are still handled in been a difficult — if not impossible — and • Personal data, including names, large numbers in both the private and time consuming manual labor. identification numbers. public sector. In the latter, privacy and • Location data. transparency of the document registries In light of the European Union’s new • Online identifiers such as email are two conflicting goals. In the interests General Data Protection Regulation addresses. of transparency, society would like to (GDPR), all organizations collecting • Information about a person’s have as much information as possible and processing data on EU citizens beliefs, health, cultural or social about their government and public have to make sure such breaches will identity and so on. institutions. not happen. At the same time, data All these data have to be protected from protection inspectorates have to be able data breaches. On the other hand, to protect privacy and to check that others are in compliance make sure information doesn't fall into with the new rules. WHITEPAPER BY NORTAL 3

Solution HOW CAN OUR TOOL HELP?

To find breaches, Nortal has built a new scanner that is capable of reading documents in various formats, including scanned paper documents. The scanner makes the content of scanned documents readable so that users can create certain queries and search for data with specific parameters. ...privately- As information can be sensitive in one context, but in another owned context not, the human users still have to go through the company? scanner’s findings to determine whether the data are sensitive or not. Get an overview of which documents in your organization contain The help that this technology offers considerably diminishes personal data, and therefore require a higher the manual labor that has so far been required to find such degree of protection. breaches. It also shortens the time needed to go through the Automate the parts of documents from days to mere minutes. GDPR compliance that you can.

Conclusion ...government ...government Aside from the legal issues and fines arising from the GDPR, institution with supervisory anyone whose data is breached would be vulnerable to surveillance, social engineering attacks, identity theft and so on document authority? – threats increasingly relevant in an online society. registries?

Institutions are faced with the challenge of pinpointing where Ensure that your citizens’ Find potential data data never become breaches faster, enabling personal data is stored and processed in their organization, publically available by to address them quicker which business activities require the processing of personal accident. and thereby prevent damage. data, and why. Therefore, having an overview of which Increase efficiency by documents contain personal data is a prerequisite for cutting down on manual Increase efficiency by work. cutting down on manual knowing what to protect, and allows an organization to focus work. compliance efforts where they are needed the most.

CUSTOMER STORY Data Protection Inspectorate finds breaches thanks to Nortal's scanner

Several municipalities in received a determine whether the documents contain additional scans, more sensitive personal rude awakening recently, when they realized personal data or not. data was found in registries that are publicly their public document registers contained accessible online. very sensitive personal information about In the course of analyzing documents found in people’s disabilities, social benefits decisions different public document registers, personal According to the inspectorate, public docu- or addresses, all easily accessible for anybody and sensitive data was found in different ment registries are an important part of ensur- who took an interest. registries. ing the transparency of the government, but at the same time an effort has to be made to The breaches were found using Nortal’s new The results of the scan were reported to the make sure there is no sensitive personal data document scanner that is capable of reading Estonian Data Protection Inspectorate who freely accessible online for whoever knows the documents in various formats, helping to then had a chance to use the tool. During their right search words. Nortal is building a seamless Nortal's approach to society globally Data Protection

Nortal is a multinational strategic change and Nortal’s approach to information security funnels technology company. Combining the unique scattered data streams into a unifi ed pool of data. experience of transforming Estonia into a digital leader This builds a holistic view of data characteristics and and creating change in businesses with a strategic interactions. Such a deep insight prescribes protective approach and data-driven technology, our vision is to measures and facilitates the formation of a functional build a seamless society. data protection policy.

Nortal works to build a seamless society that Nortal’s approach to tackling your data security stands on three pillars — enterprise, e-health, and challenges is not limited to the innovative use of e-government. In each of these three areas, Nortal has technology. It also covers change management and helped very influential customers achieve strategic country-specifi c legal support. change and build better experiences. Our approach to the GDPR compliance challenge Operating in Europe, the , , and North delivers cost savings, data consolidation and predictive America, Nortal doesn’t just provide IT services, but analytics. Our reference projects that have already actual structural reforms, focusing on the underlying been deployed are a proof that this will signifi cantly impact on the target organization, whether it be lower your operational expenditures to a fraction of the governments, hospitals or private enterprises. cost of the upcoming EU fi nes.

Get in touch with our expert

Nortal’s Head of Data Protection has been praised for his ability for seeing the bigger picture and communicating a vision, while at the same time having the capacity to take big projects through change. With more than ten years of experience in the tech industry, he is passionate about fi nding new ways to take full advantage of the data that organizations collect and store.

Artur Assor Nortal’s Head of Data Protection [email protected]

Learn more about Data Protection on Nortal's website: https://nortal.com/business/data-protection/