confided data manager

how it works


confided data manager

One of the more important tasks to become compliant with the GDPR is to create an inventory of the organizations PII (Personally Identifiable Information). confided data manager creates such a PII-inventory on SQL Server instances. The inventory finds tables and columns that may contain PII.


how it works

confided data manager uses statistical algorithms to detect columns that may contain PII. The result of the inventory can then be viewed in the windows application. The inventory can then be managed manually to refine the results. The final version of the inventory can be exported or printed as a report.


why do a database inventory?

If your organization have documented business processes, it can often give a good overview of what PII is stored in systems. The documentation could for instance be data models and process descriptions.

But to get a more accurate picture on where PII actually is stored, this is often not enough. Process documentation normally describes main processes, and in many technical implementations one piece of information may be stored in many different places. Examples are so called staging tables, pre-systems, temp-tables and other types of technical solutions that store information in many places. In addition, older systems often have legacy parts that are not used anymore. Those may not be covered in the documentation.

confided data manager will help you by creating an inventory of what PII is actually stored in the databases. No matter how, when or why it ended up there.

confided data manager uses statistical algorithms to find PII columns in your databases. The selected columns can then be viewed in the windows application.

But the automatic inventory is only a best guess, so it is important that someone who has knowledge of the data refines these first result. There will be columns that contains PII but that confided data manager has missed. Or, more commonly, columns that has been identified as containing PII but that doesn’t.

The inventory is based on the actual content in the tables, it is not based on column names etc to figure out what type of data is in a column.

Many databases can contain tens of thousands columns or more. To manually create an inventory on that much information is nearly impossible. The inventory created by confided data manager can reduce the number of potential PII columns with 90-70%.

The user interface in the windows application is very intuitive. You can sort, group and filter the data as you wish. This will simplify the work with the inventory.

Each time you select a column in the application, sample data from that table is shown in a separate window so that you’ll understand what the data actually look like.

You can also create your own PII-categories (e.g. name, address, zipcode) in addition to those that are already included in the system.

There is a possibility to check columns/tables/databases as “finished” so you can mark your progress and always know how much work there is left on the inventory.

When you are finished with the inventory, you can create a report that will give you the complete picture over what PII there is in each database.


technical prerequisites

For this software to function properly, the following prerequisites must be met:

  • The inventory will only function on the following Microsoft SQL Server versions: 2008R2, 2012, 2014, 2016 and 2017.
  • All SQL Server editions are supported except Express.
  • Azure SQL Database is not supported.
  • The SQL Server Agent service must be started on the instance where the inventory is performed.
  • The windows application must be installed on Windows 7 or later.
  • Access to the internet is required on the computer where the software is installed.
  • We strongly advise against, and do not support, running the analysis on any production environment. The reason for this is that the analysis places a heavy burden on the server and the result may be that the server is unresponsive during the analysis.
  • The analysis of data will only work if there are enough data. The inventory analysis uses statistics about the distribution of data, so if there are less than roughly 2000 rows, the inventory analysis may not function properly. Ideally, the analysis should be run on a copy of production data. The data must also be representative of the production environment, which means that repetitive or random (e.g. test data) values will make the inventory analysis less correct.
  • When the software is connected to a SQL Server instance, a database named ConfidedDB will be created. The software will also create temporary objects in other databases, so sysadmin credentials are needed.