A Better Approach to Data Privacy with Truyo and Egnyte

If you receive a Data Subject Access Request (DSAR) today, what will you do? How does your organization respond to a request from a customer who wants to know what personal data you have and how you use it? What if a customer requests the “right to be forgotten”? How do you know you have deleted every instance of personal data from all locations in your company? Will you be able to respond quickly and completely?  

If you haven’t considered these situations yet, you’re not alone. Many organizations are scrambling to understand and prepare for new privacy regulations. Most companies are aware of the GDPR regulations in Europe and how they apply to any company conducting business with EU citizens, but they may be less familiar with similar legislative efforts in the U.S.  

Privacy laws such as the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA) require organizations that process consumers’ personal information to complete privacy impact assessments and regular risk assessments. Many organizations lack the internal resources to address this problem, but Egnyte’s new partnership with Truyo can help them quickly discover and scan all sensitive information they have, across their entire data footprint.  

Understand the Compliance Challenge

Businesses need to address two essential components to comply with these regulations. First, they must establish a workflow to process and respond to requests. Second, they need to find sensitive data across a vast data lake of structured and unstructured information spread across the entire organization.  

Of the two components, e-discovery presents a more fundamental challenge for businesses. To better illustrate the problem, let’s discuss the lifecycle of data in a typical organization.  

Most new information enters an organization when a customer, client, patient, partner, or salesperson enters data into a website or form. From there, it is stored in a database as structured data and is used almost immediately in email addresses, invoices, etc. However, data doesn’t stay confined very long.  

Over time, data begins to “leak” out of the database as marketers generate reports, spreadsheets, and other files. Customer service teams create additional databases and additional reports, emails, and letters. Contact information goes to sales teams, and financial information goes into files for billing. Eventually, sensitive data is spread all over the organization, in structured databases and in unstructured files stored across multiple repositories. In fact, Egnyte’s 2021 Data Governance Trends Report found that over half of organizations surveyed had more than ten different locations for unstructured data files.  

(For additional insight into structured vs. unstructured data, read our governance guide on the topic.)  

Use Egnyte and Truyo to Find the Data  

Truyo's privacy automation platform manages DSARs for structured data, while Egnyte supports DSARs for unstructured data. Taken together, all of the data repositories for your entire organization can be searched in order to respond to a single customer inquiry.  

Let’s look at a hypothetical example of how Egnyte and Truyo help respond to a typical DSAR request.  

Suppose a customer, John Smith, wants to know what information ABC company has about him. On ABC’s web page, he finds a form that allows him to enter his name and request a search. That form is generated by Truyo and initiates the DSAR workflow process.  

First, Truyo sends queries to the internal company databases. This could include a SQL database used to store customer data, an Oracle database in the finance department, a NoSQL database used by the fulfillment center, and many others internal data stores spread across the company. It also sends queries to cloud service databases, including Salesforce.com and dozens of others.  

Simultaneously, the Truyo workflow also sends a request to Egnyte with the same user information. The Egnyte platform then searches every word of every file stored in the Egnyte platform, as well as other repositories used by the company including Box, Dropbox, Google Workspace, Microsoft Teams, and more.  

Within minutes, all references to “John Smith” are captured across the entire enterprise. It is a comprehensive search that meets regulatory compliance. More importantly, the search is done automatically, which means it’s quicker and cheaper than if the business had to conduct a manual search. Also, because data is always in motion, the speed at which the search is done helps ensure the results are accurate.  

With the Truyo-Egnyte integration, no personal data is left behind. Smith will receive a report citing all instances where his user information appears. If he wishes to exercise the right to be forgotten, that process can be simply executed so all his personal information is permanently removed.  

Without these tools, searches for private information are a laborious process that can easily miss important data, which can result in partial or non-compliance. But with Egnyte and Truyo, companies can stay ahead of ever-changing privacy regulatory requirements and fulfill hundreds of requests, easily and affordably.

To learn more visit: https://pages.egnyte.com/egnyte-truyo-integration.html.

Niamh Conlon contributed to this blog post.