Is your Privacy Platform your biggest risk?

Published: Wed Oct 28 2020
Since the arrival of regulations such as the GDPR, CCPA, LGPD and POPIA, Data Privacy and Ethics teams have become a critically important function within a business. Privacy, Data and Cybersecurity teams now bear a lot of the responsibility for compliance, ensuring the protection of their customers’ data to avoid potentially record-breaking fines and the associated brand damage. With an ever-increasing number of future regulations on the horizon, and continual changes made to existing regulations – Schrems II being a recent example – Privacy and Data teams face a battle to ensure their house remains in order.

Naturally, technologies and tools exist to ease this burden. However, not all technologies are created equal, and in fact, some technologies inadvertently contradict the very spirit of the regulations they seek to uphold. Let’s take Data Minimisation as an example. Data Minimisation seeks to do away with the unnecessary copying and moving of raw data. Simply put, the more data is moved and copied, the greater the risk of a data breach. This is true because the more copies of data exist, the more difficult it is to secure said data, and keep track of how and where it is being used. Over time, this leads to increased risk and likelihood that the data may be breached. Privacy Platforms attempt to reduce the risk of data breaches and fines – and yet they can very easily contribute to the same problem they seek to solve. If a Privacy Platform or vendor requires access to your data, that data is likely being moved and copied, from your environment to their environment. The more copies of data exist, the more difficult they are to secure, and the higher the risk of a data breach. As such, Privacy Platforms can actually pose a major risk, undermining the very security and assurance they seek to provide to a business.

Worse still, this data may not just be moved to an external third party, but to an entirely different country. Imagine the following: a European Bank seeks to protect its Customers’ Data by implementing an enterprise-wide Privacy Programme. In order to do so, it procures a Privacy Platform hosted in the USA. This Privacy Platform also provides a suite of data mapping and discovery tools that require access to the raw data. In the course of provisioning these services, the Privacy Platform mandates that the Bank’s PII be stored in a cloud in the USA. This requires copies of the Bank’s data to be moved from their source location in Europe to the cloud in the USA. In doing so, the business sees its data moved and copied to a foreign country. This poses a whole host of issues from a regulatory standpoint, whilst increasing the business’s attack surface and risk, and undermining efforts to protect and secure the Customers’ Data.

So why would a business ever take the risk, and what’s the alternative?

Businesses may cite ‘means to an end’ as justification for allowing their Customers’ Data to be copied from their environment to an external third party – even one hosted in a foreign country. They may even cite a perceived lack of alternatives – and yet there is an alternative. At Trunomi, we believe your customers’ personal data should always stay with you – even when working with external Privacy Vendors. As such, we have developed a truly unique solution. Trunomi is the only Data Privacy Platform to never see, store or process your PII. This is achieved through a combination of patented technologies that ensure Trunomi only ever operates at the metadata layer. Your data always stays with you – without exception. Trunomi adopts a fully holistic approach to solving Data Privacy, enabling compliance with all Global Privacy Regulations, powering business intelligence to drive revenue, customer engagement and trust while de-risking and minimizing data. As such, Trunomi is the world’s only truly zero-risk Privacy Solution.

If you’d like to learn more about how Trunomi can support your Data Privacy and Compliance Programmes, without ever seeing or storing your Personal Data, get in touch or book a demo at