In the insurance sector, stakeholders face a complex challenge in managing data in their technical environments: they must balance regulatory compliance, internal requirements and the demands of digital transformation. Too often, personal data from production is copied directly into pre-production or testing environments, which exposes the company to significant risks around data protection and GDPR compliance. This is where our seamless solution deepeo comes in.

Context: A Real-Life Case at a Mutual Health Insurer

A major mutual health insurance provider was facing a recurring problem: technical teams used copies of the production database to test new features. These lower environments (testing, pre-production) therefore contained:

  • social security numbers
  • coded medical information
  • real personal contact details

Despite an internal policy specifying that only anonymized data should be used outside of production, no automated solution had been implemented to guarantee this rule.

 

Identified Business Problems

  1. High legal risk
    ➜ In the event of a data breach in these environments, the insurer was exposed to severe CNIL sanctions (up to 4% of global annual turnover).
  2. Excessive reliance on manual processes
    ➜ Manual anonymization is tedious, time-consuming, and rarely completed on time.
  3. Test data rendered unusable after “masking”
    ➜ Some internal pseudonymization attempts made test datasets unusable (referential integrity broken, business scenarios invalid).
  4. Loss of customer trust
    ➜ In case of a data breach, the insurer must notify policyholders about the loss of personal and sensitive information, with all associated risks.

 

Our Solution

We deploy our deepeo remediation software to manage sensitive data in order to:

  • automatically identify personal data
  • anonymize or pseudonymize according to use context
  • manage data life cycles
  • provide logs and compliance evidence
  • deliver universal reports that are automatically generated, immutable and easy for business teams to read and understand

 

Results After Deployment of deepeo

  • 100% of lower environments (non-production) GDPR-compliant in less than 6 weeks
  • 85% reduction in manual data masking requests and significant savings in both time and resources
  • Zero regulatory compliance alerts in the 12 months following deployment
  • Estimated 25% time savings on test cycles

 

What This Changes in Practice

  • The company can document its compliance during any audit
  • IT teams can deploy faster, without worrying about unintentionally breaching GDPR requirements
  • The insurer reduces its customer data breach risks and ensures GDPR compliance, thereby strengthening its brand image

 

And You, Where Do You Stand?

Have you identified questionable data sets in your non-production environments?
Is your IT department wondering about its ability to handle a CNIL audit?
Are your teams manually generating test datasets?

Is your remediation reporting consistent and applicable across all contexts?

To go further, find out how our deepeo software solution can help you with its features:

Data Deletion

Deletes all data for any data subject you no longer have a business or legal reason to hold.

Data Anonymiser

Performs the same operations as Data Deletion, but anonymises a data subject’s data instead of deleting it.

 
