GDPR compliance is an issue that must not be taken lightly, as popular instant messaging service, WhatsApp, recently discovered.

The Facebook-owned firm has been issued a staggering £193m fine by the Irish Data Protection Commission, in relation to a 2018 investigation, where WhatsApp was accused of not being transparent enough about how it handled personal information.

Although WhatsApp has said it plans to appeal the decision, this case serves as a warning to other businesses that they must ensure data is properly accounted for if they want to avoid severe financial and reputational consequences.

Given the seriousness of the issue, many organisations are now turning to technology to help them achieve compliance, with solutions and systems, like CircylScan, allowing them to manage data and process requests appropriately.

Main GDPR challenges

Under the current GDPR rules, organisations that trade within Europe are required to identify and retrieve personal data of employees and customers, such as names, addresses and financial data.

When an individual submits a Subject Access Request, it is the responsibility of the company to respond within 30 days, so it is important for information to be stored in an orderly fashion, allowing records to be accessed with ease.

According to the regulations, individuals are also entitled to submit ‘Right to be Forgotten/Removed’ requests, which force businesses to permanently remove all the relevant digital information they hold on that specific person.

Of course, the fast-paced nature of modern businesses often means that a large amount of data is stored in unstructured documents and non-approved IT systems, which can be problematic for organisations, especially if they are expected to process requests promptly.

For many businesses, manually processing requests is not an option, as they lack the time or resources needed to sort through large amounts of information and data.

The key benefits of CircylScan

CircylScan is a low cost software product that can be used to discover sensitive and Personal Identifiable Information (PPI) within all types of documents. The service ensures continued compliance by utilising artificial intelligence based on pattern matching to automatically scan data records and produce intelligent reports.

Not only this, but the service automates the process for responding to Right to be Forgotten and Subject Access Requests, streamlining the entire experience. The service achieves this by following three effective steps:

  • Discover: Discover sensitive and PPI within all types of structured and unstructured documents stored within your organisation. The service understands all versions of Word, Excel, PowerPoint, PDF, photocopies and images.
  • Report: Includes artificial intelligence with pattern matching to ensure key word accuracy. It then builds interactive reports to make informed decisions, whilst scoring sensitive words/phrases based on their level of exposure.
  • Action: A fully automated process for responding to requests. CircylScan produces a document that can be sent to the person making the inquiry, whilst recording a full audit trail showing confirmation and response dates. The service also has the power to remove or delete documents containing sensitive information.

No matter how large an organisation may be, CircylScan has the capabilities needed to automatically process sensitive information, removing the need for manual data management, which can be extremely time-consuming

Finding the right solution

GDPR rules allow regulators to issue significant fines of up to 4% of the offending company’s global turnover, so it is vital that businesses take steps to protect sensitive data records, as any breach could have serious consequences.

Whilst it is important to educate employees and make them aware of GDPR-related issues, the implementation of technical solutions, like CircylScan, removes unwanted pressure from your team so they can focus on daily tasks without the fear of a data breach.

Once in place, the system will process incoming requests appropriately, so you can be safe in the knowledge that the business is GDPR compliant, even when it is at its busiest.


The product is simple to deploy and does not require additional infrastructure either, so if you are looking to adopt the service in your business, then contact our in-house team of experts for help finding the right solution.