GDPR User Manual

Definitions

  • Data Record: a record from a structured data source;
  • GDPR Item (token): A personal data record (e.g. name, email or IBAN);
  • Data Record = Data type = GDPR item = GDPR token;
  • PII = Personally Identifiable Information;
  • Object: any record or file in the data set (e.g. email, PDF or presentation);
  • Issue: any Personally Identifiable Information (PII) matched by the GDPR engine;
  • GDPR Score: a fuzzy number that is calculated over the issues based on GDPR items’ variety, sensitivity and number within the object;
  • Data collection: a combination of data from different sources;
  • Data Source: a system or an application containing objects (e.g. CRM system, mail server, file share);
  • Resolved issue: an issue with the tag “Resolved”;
  • Unresolved issue: an issue with the tag “Unresolved”;
  • Data tab: a pre-set data collection visible as a tab in the user interface;
  • Open share alert: an alert triggered when an object containing PII is available to the high risk Active Directory (AD) groups;
  • Outgoing data alert: an alert triggered when an object containing PII is being transferred outside of the company.

Login & Credentials

Login to INDICA GDPR with your user credentials (username and password).

../_images/login1.png

GDPR Dashboard Overview

After login, you will be redirected to INDICA GDPR Dashboard section, which consists of 3 main tabs:

  • Overview: High-level summary of all GDPR information, activities and numbers.
  • Landscape: Risk map and personal data distribution across your company’s infrastructure.
  • Issues: The list of risk related objects and the progress.

You can navigate between them on the top of the screen.

INDICA GDPR Dashboard section is a visual representation of all PII (issues) detected by INDICA. Detailed description of INDICA Search interface is in the INDICA Object Review article. You can access the INDICA Search interface at any time by pressing the ‘Open in INDICA’ button on the top right side on the Status bar.

../_images/overview2.png

The Status Bar is located under the main tabs. It shows the total number of issues, the amount of resolved and unresolved issues, the open share and outgoing data alerts.

Status bar remains the same in all dashboards.

../_images/status.png

Please note that the total number of issues will be high by design as INDICA classifies any object containing PII as an issue unless configured differently.

The INDICA administrator can make a list of email domains and IBANs that will be recognized as corporate, so that they will not be identified as issues. Using additional risk mapping the administrator can further fine-tune the results. You can read about how to do it in the GDPR Administrator guide.

When an object is recognized as an issue, it is automatically tagged as “Unresolved”. To resolve an issue, you need to delete all existing tags and manually tag it as “Resolved”. Any changes you make will be automatically reflected on the dashboard.

An Open Share Alert is triggered when an object containing PII is accessible to high risk AD groups.

The INDICA administrator can create a list of high risk AD groups in the Administrator panel.

An Outgoing Data Alert is triggered when an object containing PII is being transferred outside of the company.

Your administrator will be able to configure which personal information is safe to share with whom, as well as what is to consider as a personal information.

On the left side of the screen you can see filter options. You can apply/cancel/reset filters by clicking on the corresponding circle. Your choices will be automatically reflected on the dashboard. To reset all filters, you can reload the page.

Filters are applicable to all dashboards, filters will be reset when switching to a different dashboard. Filters will also affect the Status Bar.

../_images/filter1.png

Overview Tab

The Overview Tab provides the real-time information about the personal data stored in your company and shows your progress in resolving GDPR issues.

1. GDPR Items

The table on the left side shows the amount of issues categorized per GDPR token. The pie chart shows tokens attribution to the total count. Inside the pie chart is the total number of GDPR issues recognized by INDICA.

GDPR Item/token is a personal data record (e.g. name, email or IBAN).

To view all objects containing a certain type of GDPR item, click on the corresponding colour in the pie chart and you will be redirected to INDICA for object review.

../_images/items.png

2. Data Sources

In the right of Data Sources diagram, you can see the total number of objects within your company. The table shows a list of data sources connected to INDICA appliance and the number of objects stored in each data source.

Please note that the data source does not equal to the data collection. Data source refers to the real IT systems and applications connected to INDICA (e.g. CRM system, mail server, file share).

To view all objects within a specific data source, click on the corresponding colour and you will be redirected to INDICA.

The number of results presented in the INDICA Search interface might be different from the number of objects shown in the dashboard. This happens because INDICA provides the data collection excluding duplicates. To learn how to review duplicates please read Object Review article.

../_images/datasources3.png

3. Build Up of Privacy Data Over Time

In the left bottom graph, you can see when the objects containing certain GDPR items were created. The y-axis shows the amount and type of personal data created, and the x-axis represents the timeline. Based on this information, you can detect trends.

To view all objects created in a specific time period, click on the corresponding colour and you will be redirected to the requested data collection in INDICA.

../_images/buildup.png

4. Progress

In the Progress dashboard, you can see the number of issues that were reviewed/not reviewed based on the creation date of the object.

To view all solved/unresolved issues corresponding to the objects created in a certain time period in INDICA, click on the corresponding colour.

../_images/progress.png

Landscape Tab

Filters are applicable to this tab.

1. GDPR Risk Radar

The GDPR Risk Radar maps the risk severity of objects based on the GDPR score and the number of users who have access to the objects. The higher GDPR score is and the more users have access to the object the higher risk is considered. The GDPR score is calculated based on the sensitivity, amount and the variety of GDPR items detected within the object.

GDPR items sensitivity can be customized in the Administrator panel.

You can hover over a dot to see the exact GDPR score, the number of users and the number of objects. A single dot represents one object. Bigger dot represents a collection of objects grouped by the same GDPR score and accessibility. Click on the dot in the graph to view the underlying objects in INDICA.

When you hover over a small dot and see the [Count: 6] it means that an object has 5 duplicates. When you click on this dot you will see all 6 identical objects in the INDICA Search interface as if you have been reviewing duplicates.

../_images/rr.png

2. User Group Access to Data Sources

The graph indicates which user groups have access to which data sources. The lines in the dashboard tie the user groups to the data sources they have access to. When you hover over the line you will see how many objects a user group have access to within a data source. General speaking, you only want to see the user groups per IT system that should have access to that system.

../_images/uga.png

3. GDPR Items Per Data Source

The graph provides an overview of the GDPR items’ distribution per object type and their relative shares across data sources. To see which GDPR items are detected within a certain object type click on the corresponding part in the graph.

../_images/gr.png

4. User Group Access to GDPR Items

This graph represents the availability of GDPR items to user groups. Hover above an object type to gain more insight. Click on a user group to see which GDPR items are available to what user groups. The size of the section represents its relative share.

../_images/ugai.png

Issue Tab

This tab is fully dedicated to the privacy issues. It contains a full list of privacy issues and the graphs on the right side represents your total progress.

The pie chart is a visual representation of the workflow status. In the line chart below, you can see the number of issues that were unresolved/resolved based on the creation date of an object. To review all resolved/unresolved issues corresponding to objects created in a certain time period, click on the corresponding colour.

../_images/issue.png

You can filter the privacy issue list by risk level, data type or time period. You can preview an object from the list by hovering above the “Preview” button. Preview window will show the corresponding GDPR score, summary of the content and user groups access. To review an issue, click on it and you will be redirected to INDICA. In the Object review article you can read how to work with INDICA to review issues.

../_images/issue2.png

Object Review

1. INDICA Home Page Overview

INDICA is the main workspace to review issues and gain insight of your data. On the Home page, you can see the list of data collections, list of objects, all possible filtering options, search options and tagging functionality.

The bar on top provides the list of data collections with the number of objects they contain. The “GDPR” button on the right side leads to the Dashboard. You can further access your account settings and customer portal to find all user guides or ask questions.

Pre-set data collections are visible only if the INDICA administrator enabled this feature and set up queries to build them in the Administrator panel. In case Privacy data tab feature is enabled, the data collection will also appear on the top bar together with other data collections.

You can navigate among data collections by clicking on them. The “Start” tab shows objects from all data sources except Privacy Data tab. On the bottom of the page you can see the list of objects you are going to operate with.

On the top right side, you can see the number of unique objects in the list and the number of duplicates.

../_images/or.png

With INDICA you can narrow down the list of objects and work with the most relevant objects. To work with a specific data collection you can apply searches, use filters or choose the pre-set collections. You can search through the objects by typing in key words or phrases in the Search Bar. You will see a list of results ranked by relevance. To learn more about the search options and engine capabilities please read eSearch Overview article. You can also build and save advanced queries to find specific objects. You can view the query list by pressing “Saved queries” button. Please read Advanced queries article to learn how to build them.

In case object does not appear in the search result, it means that you either do not have the right to access it or it does not exist (anymore).

You can follow your progress on the workflow tab. Press the arrow to access it. You can navigate by clicking on the stage you would like to review. As a result, you will get a list of objects that belongs to the workflow step.

../_images/workflow1.png

2. Filtering Capabilities

On the left you can see most of the filtering options with number of results within each filter. You can apply several filters at the same time. You can also choose a time period (under the Search bar) to review the objects created in certain dates.

You can search through the filtered list. You can apply multiple filters to pre-set data collections.

In case an object does not appear in the search results but filter count is not 0 it means that you do not have the right to access it. In case the system does not provide you with the needed filter, it means that there are no files corresponding to the certain parameter.

../_images/filtering.png

Another option is to review the data using built-it visual filters. To access them press “Visual filters” button. In the pop-up window, you will be able to choose the best suited visual representation of your data:

  • World Map
  • Relations
  • History
  • Email map
../_images/em.png ../_images/wp.png

If you click on the element in the visual you will be redirected to the object or list of objects corresponding to it. To learn more about visual filters please read Visual Filters article.

3. Tagging

Under the time span there is an area dedicated to tags. It allows users to grant/remove/change tags to multiple objects (on the current page or all data collections). Tag names can be added/configured in the INDICA admin section.

../_images/tagging1.png

Please read more about tags in the Object Review section below.

4. Object Review

This article will describe all operation applicable to a single object or multiple objects.

  1. What you can do without opening an object:

Every object on the list have the following instantly visible properties:

  • Name
  • Date of creation
  • Size
  • Unique id
  • Location
  • Number of duplicates
  • Tag

In case an object property is not visible it means that this attribute is not applicable to this type of objects.

You can undertake the following actions:

  • Download the original object on your computer
  • Find similar objects
When you press a button “similar document” INDICA automatically builds an advanced query using the first 30 key words within the initial object. The results of this query will be presented as similar documents. Results will be shown upon relevance. Accuracy of the results depends on the length of the objects’ content, the longer the better. Please review the results before performing an action.
  • Duplicates

Press on “Duplicates” to be redirected to the list of duplicates. Duplicates are marked based on the actual content of a document.

../_images/pv.png
  1. What you can do after object is open:

To open an object, simply click on it and you will be redirected to the Item details page. You can move back and forth through the list of objects by pressing the arrows on the top right side of the page.

../_images/or2.png

Item details page allows to review content of the object, delete/change/ assign tags, download PDF or original file. You can read more about tagging and its usability in the Tags article.

Please note INDICA operates with the mathematical model of your data. When opening an object in INDICA (Item page) you are not working with the original object. You are never able to create, delete, change or anyhow process the original data with INDICA. In case original object is changed it will be reflected in INDICA if the (continuous) scanning feature is enabled.

Press on the arrow on the right above the document content to view meta data of the object. It contains a variety of different properties depending on the object type.

Properties typical for every object – owner, creation date, GDPR items, access control list.

The list of GDPR items contained in the object is located on the bottom of drop down window. It is followed by the access control list. This information might be useful to delegate risk mitigation to the object owner.

Tags

Tags are very important in the process of issue and object review. Tags allow to sort issues and track the overall progress. There are 2 default tags: “Resolved” and “Unresolved”.

INDICA administrator can add as many tags as needed in the Administrator panel.

All the objects containing GDPR Items are automatically marked with the “Unresolved” tag unless it was configured differently.

Other tags are assigned manually. An object might have multiple tags.

To manipulate with the tags of a certain object, open the Item details view. On the top left you will see the list of existing tags assigned to the object. You can delete them pressing the cross. To add a tag press “+ tag” button, choose the tag from the drop-down list and press the “Save” button. The changes will apply automatically and will be reflected in all dashboards and filer views.

You can also manipulate with the tags of multiple objects. This functionality is available on the main (Home) INDICA page above the list of objects.

Before making changes, you need to select objects. You can do it by ticking the box next to the file creation date. Alternatively, you can press the “Select all” button and choose to select all objects or objects listed on the current page. When you selected objects, you can manipulate with the tags.

Purposes of tags:

  • Resolve issues: When you mark an object (issue) as resolved. It will reflect on the progress dashboard.
  • Create a list of objects to delegate the risk mitigation: You can assign a custom tag to an object or multiple objects and then delegate their review to the object owner or responsible employee.

After the custom tag is assigned you can ask INDICA administrator to export the list of objects with this tag. You can read how to do it in the GDPR Administrator guide. The list will contain object name, location and other object properties. This list can be forwarded to responsible person, so he or she can take an action. The changes will reflect in INDICA in case continuous scan is enabled. Otherwise you can change objects status manually based on the results. You will be able to access the list of objects with the certain tag by applying the filter.

Privacy Data Tab

This data tab is an automatically created collection of identity cards and objects related to the data subjects. It is build out of objects within the data set. It is presented as a separate data tab (if configured) to enable and simplify an access to personal cards of data subjects to guarantee the right to be forgotten, right of access and the right of transportation. To export the data use “export tags” feature. You can read about it in the “Tag” article.

Please note that your administrator should enable the feature in the Administrator panel. Administrator can choose any name for this data tab.

../_images/pdt.png