Use Case: Risk Analysis for GDPR

Risk Analysis enables an enterprise to monitor data for personal and sensitive content across the enterprise and to handle end-user access requests for the General Data Protection Regulation (GDPR).

How Does It Work?

Data Insights can help you perform the following operations:

  • Identify Sensitive Content In Your Data

    Risk Analysis uses a content indexing engine, called the Index Server, and a data analysis engine, called the Content Analyzer, to crawl sources of data in your enterprise and identify sensitive content. You can then use the features of Risk Analysis to perform tasks for risk monitoring and fulfilling end-user access requests.

  • Monitor and Assess Risk Across Your Enterprise

    Administrators and compliance stakeholders in your organization can use the reports and dashboards from your analyzed data to assess the levels of risk across your enterprise. For example, use Risk Analysis to discover which documents contain content that should be encrypted and identify where those files are located.

  • Process End-User Access Requests for GDPR

    If your organization is subject to the General Data Protection Regulation (GDPR), compliance stakeholders can create and manage the workflow for collecting end-user personal data, reviewing and approving documents, and deleting or exporting the data to the end-user.

Key Features

Risk Analysis allow you to crawl data sources in your environment and perform the following tasks:

  • Identify sensitive content - such as personal identification numbers, email addresses, and other customizable entity types - in the data.

  • Monitor data sources for potential risks using Risk Analysis dashboards.

  • Analyze and mitigate risks in your environment before end-user access requests.

  • Handle end-user access requests with a managed workflow that supports redaction and requests to delete or export end-user data.


The Risk Analysis feature is comprised of the following application.

Inventory Manager

The Inventory Manager application connects Risk Analysis to computers and domains in your environment, called inventories. Inventories are the starting points for crawling and analyzing data for sensitive content.

Sensitive Data Governance

The Sensitive Data Governance application enables you to define sets of data sources from your inventories. These sets of data sources, called projects, are used to specify data sources to fulfill end-user access request.

Request Manager

The Request Manager application enables you to handle end-user access requests to export or delete personal data from your enterprise, with the option to redact sensitive information. Request Manager also enables you to define the individuals who are responsible for reviewing documents collected in the request.

Entity Manager

The Entity Manager application enables you to manage the different types of personally identifiable information (PII) that Risk Analysis can identify while analyzing content. There are many types of PII, also called entities, that are built-in to the software. You can also create more specific entities from existing ones, or create completely custom entities with regular expressions.

Getting Started with Risk Analysis

If you are setting up Risk Analysis for the first time, see Getting Started with Data Insights.

Using Risk Analysis

If Risk Analysis is already setup for you, and you want more information about how to use Risk Analysis, see the following topics:


The following terms are used with Risk Analysis:

  • Inventory

    A logical group of one or more servers or domains from your CommCell environment to use with Risk Analysis. Inventories are containers for different sources of end-user data based on your business needs.

  • Assets

    The servers from your CommCell environment that are the sources for discovering end-user data with Risk Analysis. You can add individual servers as assets, or add all of the servers from a domain as assets to an inventory.

  • Project

    A subset of assets from an inventory that you can use to monitor or process end-user requests.

  • Data Source

    A specific location on an asset that you want to include for discovery and compliance tasks. For example, file system data sources can be an entire server, a directory on the server, or even an individual file.

  • Request

    An end-user request for PII in your data sources. The request can either be for an export of the data you control that includes PII for the end-user, or deletion of the data with PII from your data sources.

  • Reviewer

    A user in your organization who can view and approve each document that is identified as having PII as part of a data request.

  • Approver

    A user in your organization who can approve the entire request. The request operation (either export or delete end-user data) is only performed after all approvers approve the request.

  • Entity

    Entities are categories of PII that you can discover in your data sources with Risk Analysis. Many common types of PII, such as social security numbers, phone numbers, and email addresses, are built-in to Risk Analysis. You can also define new entity types using custom regular expressions.

  • Keywords

    Keywords are words that must be in close proximity to a matched entity for the match to be considered legitimate. Keywords are helpful to create specific entity types for custom entities, or entities that inherit from the built-in entity types.

  • Sensitivity

    Sensitivity is a rating that indicates how important or sensitive the type of information is. Sensitivity levels range from Moderate to Critical.