Data Security and Privacy
GDPR Technologies supported by SAS
SAS, with its industry-leading analytics including strong solutions for data management and data quality, is well placed to support data protection compliance and to help your company meet evolving data protection compliance demands, particularly in five areas:
1. Identification (classification, catalogue) – Identification and extraction of PD from both structured and unstructured data sources, no matter where it resides throughout the organization. Incorporate sophisticated algorithms that go beyond traditional sampling methods and manual processes to enable improved Personal Data detection. Reduce false positives by using automated data quality filters and techniques that regularly search files for Personal Data content.
2. Data Flow Analysis – Monitoring and charting the storage and processing of PD in order to conduct and document analyses and assessments of the risk involved in all PD collection, use and processing activities (Data Protection Impact Assessment, DPIA). This involves monitoring large numbers of actions, processes and plans, as well as documenting each such step. In addition, in certain cases of processing that is high-risk for the individual, companies must conduct DPIAs and, if needed, consult with supervisory authorities before processing takes place.
3. Logging – Documenting how all systems are used, and ensuring that no “rogue” users are accessing personal data.
4. User Access Rights – Processes for ensuring exactly who should be allowed to use systems/data, and ensuring that access rights are enforced, even when an employee is transferred to another department, quits a job, etc.
5. Incident Management – Under GDPR, a company must report to authorities within 72 hours if data is lost or a breach in personal data is detected. The company must also show which procedures have been initiated to fix the problem.
SAS solution: a unified view of how your data is handled
For the functions within the organization that oversee how data is handled, normally over a wide range of platforms such as Mobile, Cloud, Social Media, proprietary databases and systems as well as commercial systems, SAS Institute’s capabilities enable you to handle all your data through a unified view. This means that you can seamlessly manage logging, user access and encryption of data to ensure Enterprise Governance and Data Compliance. It also means that individuals can easily find the necessary data even if that data is “hidden” in “wrong” columns, text strings, mislabeled or identified only by context.
Only SAS delivers proven data management capabilities.
With SAS, you get superior detection capabilities that enable you to search your entire network, regardless of operating system, and locate personal data within varying file formats and both traditional and emerging data sources like Hadoop.
GDPR Technologies supported by IBM
The GDPR will replace the current EU Data Protection Directive. It is designed to unify data privacy requirements across all 28 EU member states. Per the GDPR, Data Subjects (which include end users, customers and employees, among others) have the right to make a claim if their data is not protected in compliance with the GDPR regulations. Further, EU regulators have the right to impose huge fines for violations.
IBM Security Guardium offers a GDPR Accelerator. This tool provides a suite of prebuilt and ready-to-deploy tools to help you get started and speed your mission along the path to success. Using the Accelerator’s prebuilt classification patterns to help you locate GDPR-governed Personal Data, plus the built-in Personal Data Security Assessment tests, you are better able to understand the scope of your mission and how to proceed. Once you locate and fix any issues with the sources that contain your Personal Data, you can start monitoring them and take action if suspicious behavior occurs.
The Accelerator includes prebuilt policy rules and groups that enable you to perform continuous monitoring more quickly. The prebuilt policy rules help protect Personal Data from unauthorized access and activities, including changes, removal, replication or deletion of records. The tool also offers Security of Processing reports, which you can select on a user, controller or application basis, for data activity monitoring of all authorized and unauthorized activities.
Finally, the Guardium GDPR Accelerator provides an automated compliance audit review process to support GDPR compliance. This capability automates the notification and review process for simplified, faster escalations and sign off on the prebuilt audit reports for Personal Data activities, which should be documented, recorded and reviewed.
Once you’re on the right path, you can begin dealing with more focused means of protecting the Personal Data you’ve located, classified and begun monitoring. Encryption, redaction and masking can then be applied to support the appropriate levels of anonymization your organization and its data require.
The mission to protect Personal Data and comply with the GDPR is a crucial one. To complete your mission before time runs out, you’ll need to equip yourself with the right tools and capabilities to meet the challenge head-on.