• EU and UK fines for non-compliance surge to over £ 958 million in 2021
• On average, 10-15% of a company’s files thought to be non-compliant
• ControlTower iterates through the business, identifying unstructured data risks and providing all tools needed for compliance

Dufrain, the data consultancy, has launched ControlTower, a tool designed to bring control and compliance to ‘unstructured data’ – data with no internal structure which cannot be used or detected by technology. Common examples of unstructured data include emails, PDFs or documents saved via Microsoft Teams.

ControlTower is a bespoke solution with a technical accelerator which quantifies a company’s existing risk, providing the means to mitigate it now and preventing future risks materialising. The service will support businesses with their GDPR compliance following a surge in data protection incidents, with total fines in the EU and UK surging to over £ 958million in 2021.

Breaching the data protection law can result in crippling fines for a business. The cost is split into two levels. Fines on the lower level are up to £8.7 million, or 2% of the worldwide annual revenue from the previous year, whichever is higher. The upper level is £17.5 million or 4% of the worldwide annual revenue.

Dufrain’s advanced project framework enables ControlTower to iterate through the business, identifying unstructured data risks. This empowers management to take the required actions to address these data issues, as well as providing all the tools they need to prove their compliance, such as having the necessary information to satisfy Data Subject Access Requests (DSARs), or report incidents to the regulator when they arise.

The launch comes at an important time. Using analysis across a sample of businesses, Dufrain estimate that between 10-15% of company files will be non-compliant, with this number growing exponentially for smaller firms.

Joseph George, Mangaging Director at Dufrain comments: “Following its introduction in 2018, many firms implemented a set of GDPR processes designed to ensure all data was stored and shared was compliant with the new law. The issue is that, now - nearly four years later - many businesses think they are compliant but have no way to prove it. They face significant risks by retaining unknown data with wrong or no classification in place.”

“It’s all about empowering the business to take control of their data and understand what needs to be done. Ignorance is not an excuse and attention on non-compliance is heating up. With no added work for the business, ControlTower helps companies take control of their data and build transparency within the organisation.”