Tech Primer

How Regular Expressions Empower Support for the GDPR and Privacy Assessments

By Ed Moke

Whether you’re preparing for the GDPR or monitoring your primary storage network or secondary backup data to identify and manage sensitive data, one of the key attributes of any solution is the ability to find ‘Personal Data.’ The GDPR defines ‘Personal Data’ as:

“any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

Index Engines delivers several key features that allow for the identification of personal data, including data that is defined as personal based on specific geographies.

Leveraging the Index Engines search, classification and management capabilities, policies can be defined to support specific personal data based on a pattern or regex query. Once these policies are defined and stored, they can be run on online or offline data sources to support the GDPR requirement to access, rectify, erase, restrict or migrate personal information.

There are several popular pattern matching capabilities within the Index Engines application. These include Social Security and credit card number (American Express, Visa, Master Card and Discover Card) as well as bank routing numbers. The advantage of embedding the pattern within the Index Engines processing platform is the files and email containing these patterns is immediately identified at indexing time and tagged in the index. This enables rapid search to quickly return files containing any of the embedded patterns across large data sets.

Read more about our Regex searches in our new Tech Primer