Privacy & Compliance

Find non-compliant personal data across your organization and respond to access & erasure requests efficiently without manual work.

Data Discovery

The price for Data Discovery depends on the number of users you want to grant access to and your choice of setup (cloud or on-premise).
Starting from

€ 59 / per user / year

Unlimited policies, vendors & systems
Personal Account Manager
Ticket, chat and email support
Fully automatic system audits
Department-specific insights
Automatic logging for compliance with GDPR Article 30

Data Subject Request

Organize all your access & erasure requests in one place. Get notified of incoming requests and automatically find requested data.
€ 1,600 / Year

Data Subject Request form for websites
Unlimited domains
Personal account manager
Fully automatic system audits
Department-specific insights
ISO certified server located in EU/EEA

3 Arrows Mint

Frequently Asked Questions

3 Arrows Mint

How does Data Discovery work?

It is a lightweight and user-friendly platform that allows you to see and track your company’s data privacy performance from one central place.
The platform monitors all connected systems at a frequency set by you and automatically discovers personal identifiable information that is:
  • at-risk.
  • non-compliant.
  • deviates from your company policies.
Employees are automatically notified about their own violations and can take appropriate action directly in the platform. Gone are the days of having to manually look through emails, SharePoint sites etc. for violations. Now, you can quickly see everything in the platform and easily take action.

How do I get started with Data Discovery?

Sign up and you can receive your first insights in minutes. Simply connect the systems you use, e.g., Microsoft O365 and watch the platform do all the data mapping for you. If you wish to connect to on-prem systems, you will need to install our Data Discovery service on a server of your choosing. It usually doesn’t take more than 1 hour to get fully set up.

How many systems can I connect the platform to?

As many as you’d like – there are no limits, and we don’t charge you for the number of systems you connect. The platform connects seamlessly to the most widely used systems out-of-box. However, it happens occasionally that you wish to connect to other systems. If that is the case, we will build the integration with you.

Which mapping/scanning frequency should I choose?

Mapping/scanning frequency means: how often the platform should map your connected systems for personal identifiable information to discover compliance risks.

  1. We recommend two recurring mappings:
    A weekly mapping to update insights and ensure you are always up to date with your GDPR status.
  2. A monthly mapping that notifies employees about their violations so that they can take appropriate action

What security and privacy measures have been taken?

We never compromise on IT and data security. It is a top priority for us to be best-in-class and always follow best practices. Data Discovery by Cookie Information has been developed with “Privacy by Design”-principles and:
  • uses multifactor authentication.
  • is hosted on ISO-certified servers in Norway.
  • is fully end-to-end encrypted.
  • has built-in pseudonymization mechanisms.
The platform does not store your files or personal identifiable information. It only stores non-critical metadata about the findings so that they, along with actionable insights, can be displayed in the web app. In the case of personal identifiable information being present directly in e.g., an e-mail subject, that platform will automatically pseudonymize it by replacing it with asterisks ***. An external and impartial law firm has performed a risk assessment of the platform and, based on organizational and technical security measures, assigned it a low risk score.

What categories of personal data can the platform identify?

The platform supports an abundance of categories of personal identifiable information. This includes:
  • Social security number.
  • Health information.
  • CV.
  • Application.
  • Contract.
  • Personal identifiable picture.
  • Passport.
  • Criminal record.
  • Insurance information.
  • Salary.
You can easily add your own keywords and edit existing classifiers/categories of personal identifiable information.

How long does it take to map all personal data in my organization?

Depends on how many systems you integrate and their size. Our engine is one of the fastest on the market and learns from continuously mapping your systems. One of our customers has decreased the time to map 4 million files across 3 systems from 1 day to 8 minutes.
It is a purpose-built DSR automation tool that makes it easy and effortless for you to comply with data subject requests without undue delay. Instead of having to manually identify personal identifiable information about the data subject, you have a platform that does it all for you with a click of a button. Simply embed the form on your website and receive all data subject requests in one central place. Upon receipt, you will be notified so you don’t miss a request and risk non-compliance. If you choose to accept the data subject request, the platform then automatically searches all your connected systems for personal identifiable information pertaining to the data subject and returns a list to you with all that was found along with relevant information about each finding. You can lean back, rest assured you will comply with the request, and watch the platform do all the heavy lifting.

Is it easy to get started with Data Subject Request?

Yes – you can get fully set up in less than 15 minutes! Sign up – embed the DSR form on your website and connect to relevant systems. That’s it, you are now ready to receive a DSR. If you wish to connect to on-prem systems, you will need to install our Data Subject Request service on a server of your choosing. It usually doesn’t take more than 1 hour to get fully set up.