Case Study - Scorett

WatchGuard helps Swedish shoe company Scorett ensure GDPR compliance

Introduction

Scorett Group is one of Sweden's largest shoe retail chains with approximately 80 stores and online sales. The group consists of six limited companies and is privately owned. All IT functions are managed internally by the group's IT department under IT manager, Fredrik Lindqvist. Scorett has worked with WatchGuard, formerly Panda Security, since 2008.

The Challenge

In 2016, the European Union (EU) issued the General Data Protection Regulation (GDPR), a directive that regulates the processing of personal data and the free flow of that data within the European Union. It was issued by the European Parliament and the Council of the European Union on April 27th, 2016 and became applicable on May 25th, 2018.

The regulation replaced the Data Protection Directive as well as any national laws that had incorporated this directive, such as the Personal Data Act (PUL) in Sweden. Companies not complying with the regulation could be hit with large fines.

Discussions about how Scorett would meet the new data protection regulation requirements began in 2017. WatchGuard was an existing supplier of security solutions, and IT manager Fredrik Lindqvist had regular conversations with the WatchGuard team. WatchGuard presented some proposals for Scorett’s handling of personal data throughout the group's computer system. At the time, the company had 400 computers and 50 servers, all of which needed to be reviewed.

“Scorett started its e-commerce venture in 2011 and was one of the first major shoe chains to create an online sales presence,” Benny Jonasson, account manager for Scorett at WatchGuard, explained. “The company quickly built a large online customer base and was able to boast 1 million members in its customer club by 2018. This made the GDPR compliance work even more important.”

 

The Solution

WatchGuard provided Scorett with its module for data control, adapted for the Endpoint Security solution that that the company already used. WatchGuard Data Control (WDC) provides the most important components to help ensure compliance with data protection regulations such as GDPR. It requires no installation or infrastructure and helps administrators manage personal and sensitive data privacy, access, and usage.

“WatchGuard Data Control has given us better control and shown where we can find the personal data,” says Fredrik Lindqvist. “WatchGuard Data Control makes it easier to carry out follow up work with customer data and ensure compliance with the GDPR regulation.”

Key features include discovering and understanding unstructured personal and sensitive data.

Another function is to establish security and access policies to control data access and use.

WatchGuard Data Control is also able to analyse the effect of a personal data breach and adjust according to the company's policies. End users receive automatic detection, classification and audit files of personally identifiable information, and customisable alerts about anomalies such as potential data leaks or improper access to sensitive data.

Customer Value

With WatchGuard's Data Control module in place, Scorett can analyse the content of all parts of their IT system and identify the personal data.

WatchGuard Data Control simplifies the management of personal and sensitive data protection and provides constant visibility. It is designed to help organisations understand the context of how data is being used by correlating data sensitivity, the users accessing the data, and the requested action. Its powerful engine allows admins to find any file in the organisation (with data susceptible to control) to enforce corporate data policies and block inappropriate access or use.

“We’ve always had good control over our customer club and the information contained there,” says Fredrik Lindqvist. “With WatchGuard's solution in place, I feel even more assured.”

Some 80% of breaches in 2020 included records containing customers’ personal data at an average cost of $150 per record. WatchGuard Data Control monitors and detects uncontrolled access, use, and transmission of corporate personal and sensitive data.

“Our solution is very effective”, says Benny Jonasson. “In addition to having the option to search for personal data, you can effectively delete the personal data that should no longer be there. In many systems, shadow files remain of data that you think you have deleted. This is not the case with our Data Control solution.”

The WatchGuard solution simplifies the implementation of proactive measures to prevent access to personal data with the help of reports and real-time alerts on unauthorised or suspicious tampering and exfiltration of personal data files.

“I am delighted with our collaboration with WatchGuard”, says Fredrik Lindqvist. “I had already chosen its solutions for firewalls and wireless access points, then selected the Data Control solution after a proposal from Watchguard - due to GDPR - as a add on module to WatchGuard Endpoint Security.

“Everything has worked out well and I believe in the importance of long-term relationships. I have also made comparisons several times with other providers both in terms of functionality and price. WatchGuard is always better than its competitors.”