DeepScan turns GDPR compliance costs into new business

The top prize in the Creative Business Cup eGovernance Solutions competition, a pan-European tournament for innovations designed to boost public sector e-services, went to a startup initiative that with the help of Nortal’s investment has evolved into a brand-new product, DeepScan.

DeepScan, a data management tool that helps organizations comply with the EU's sweeping General Data Protection Regulation (GDPR) slated to come into effect next May, edged out 22 other applicants from seven countries to take first place in the contest. The product is now going to Creative Business Cup’s global final in Copenhagen to find new clients in Europe and globally.

DeepScan, as the name implies, picks through an organization's entire data system, checking every file to identify which contain personal information. If that information is being held improperly, the organization can then delete it and adjust its practices to make sure the breach isn't repeated.

Recently, several Estonian municipalities received a shock after DeepScan revealed that their public document registers contained very sensitive personal information about people’s disabilities, social benefits decisions and addresses, all easily accessible for anybody who took the time to find them.

The problem isn't unique to Estonia. “A lot of organizations, particularly large organizations with legacy systems, just don't have a good handle on what data they're holding or the steps they need to take to keep it protected,” Artur Assor, Head of Data Protection at Nortal explained.

As an example of how dangerous this ignorance can be, he pointed to the scandal that broke in Sweden this summer after a bungled data outsourcing contract at the national transport agency led to the leak of private information, including the nation's entire driver's license database and records potentially exposing intelligence agents, police and military personnel and those in witness protection.

“In the world of eGovernance, the trick has always been maintaining the right level of transparency while keeping private information private,” Assor said, “But when GDPR comes into effect, essentially putting the ownership of each citizen's data into their own hands, a much higher level of management will be required. Organizations at all levels are going to have face this new reality.”

Commenting on what pushed DeepScan to the head of the pack, jury member and Estonian tech visionary Linnar Viik noted the pressing need for the solution, especially in light of the fast-approaching GDPR compliance deadline.

“It's an extremely acute topic that affects people all over Europe. Next year, the new data protection regulation comes into force and this is a good tool for governments to convince people that their data is protected,” he told local organizer Creative Estonia.

Assor called the win an affirmation of the seriousness of the GDPR compliance issue and how difficult it might be for organizations to overcome.

“This is very much a recognition of the challenge that we're aiming to solve,” Assor said, adding the challenge has no borders, and concerns both the public and private sectors. “It hasn't been adequately solved so far. We feel we're unique in our offering, our tech, and that we can really help the public sector as well as businesses with protecting the personal data of their citizens and customers,” he said.