Études de cas

Strengthening data protection and DLP controls for a UK data and insight organisation

Content Image

The Client

A global customer data science and analytics organisation headquartered in the UK, working with major retailers to deliver insight-driven decision-making. The organisation processes large volumes of sensitive consumer, commercial, and behavioural data across international markets, requiring robust data protection and governance controls to support innovation while maintaining trust.

The Challenge

As the organisation’s data estate grew in scale and complexity, there was a need to validate existing Data Loss Prevention (DLP) controls and ensure they were aligned with real data risks. While a draft DLP design was already in place, there was limited visibility into unstructured data and uncertainty around whether the proposed controls were proportionate and effective.

The organisation also wanted independent assurance that its approach aligned with industry best practice, without introducing overly restrictive controls that could impact analytical workflows or innovation.

Key Challenges

  • Limited visibility into unstructured and sensitive data
  • Need to validate an existing DLP design against best practice
  • Risk of controls being either insufficient or overly restrictive
  • Requirement for external assurance and expert guidance
  • Balancing strong data protection with analytical flexibility

The Solution

CWSI worked with the organisation to provide data-driven insight into its data landscape and validate DLP controls against actual risk. The engagement focused on combining discovery, design, and expert review to ensure controls were both effective and appropriate.

Using Microsoft Purview and Cognni’s data discovery capabilities, CWSI assessed data risk across collaboration platforms and delivered structured workshops to refine the DLP design. Clear recommendations were provided to strengthen controls while supporting the organisation’s data-driven operating model.

Solution Components

  • Data discovery using Cognni across SharePoint, OneDrive, Exchange, and Teams
  • DLP design workshops to capture business and analytical requirements
  • Review of existing DLP controls against recommended practice
  • Identification of improvement opportunities using Microsoft Purview
  • Clear recommendations to enhance and refine DLP policies

The Result

The engagement provided the organisation with greater visibility into its data estate and confidence that its DLP controls were aligned with real-world risk. With a validated and refined design, the organisation was able to move forward with DLP implementation knowing controls were proportionate, effective, and supportive of ongoing innovation.

Key Outcomes

  • Improved visibility into unstructured and sensitive data
  • Validated and strengthened DLP design
  • Increased confidence in data protection controls
  • Reduced risk of inappropriate data exposure
  • Stronger foundation for ongoing data governance

Why CWSI

CWSI’s experience working with data-centric organisations ensured that DLP controls were grounded in real data usage rather than theoretical policy. By combining discovery-led insight with practical design guidance, CWSI helped the organisation protect sensitive data without compromising the flexibility required for advanced analytics and insight-driven decision-making.

“Effective DLP starts with understanding how data is used across the organisation. By grounding controls in real data risk, we helped the business implement protection that was both robust and proportionate, supporting innovation while maintaining trust with customers and partners.”

Paul Conaty, Secure Data Practice Lead, CWSI