With the EU’s General Data Protection Regulation (GDPR) going into effect on May 25, 2018, global companies must take steps to understand how personally identifiable information (PII) is stored and used within their organisations. Millions of records are exposed each year due to thousands of data breaches that occur around the world. Further, a recent survey found that less than half (45 per cent) of organisations have a structured plan in place for compliance and more than half (58 per cent) indicate that their organisations are not fully aware of the consequences of noncompliance. To help companies protect their data and meet new compliance requirements, analytics leader SAS is offering SAS® for Personal Data Protection.
Any company that collects personal data, anything from national identification numbers, Social Security numbers, email addresses and dates of birth, must be able to identify where that information is stored in order to protect it and remove it when required. The amount and variety of data sources, along with the rise of mobile, cloud and social networks, has played a role in making PII more vulnerable to unauthorised access. SAS for Personal Data Protection helps companies to access, identify, govern, protect and audit their data, to work toward compliance.
Under GDPR, every EU resident has the right to know how their personal data is being used – and can request to have his or her data completely erased. This means that organisations that store and/or process EU consumer and employee data must be vigilant in protecting that data, regardless of where they are located. Noncompliance with GDPR regulations can be costly and may result in hefty financial penalties ranging up to US$22 million or fourv per cent of annual global turnover (whichever is greater).
‘The EU’s pending GDPR deadline is causing major headaches for companies across the EU and beyond, as organisations quickly realise that personal data is stored in multiple locations. Finding it and locking it down is no easy task,’ says Tom Pringle, head of applications research at Ovum.
‘The SAS for Personal Data Protection solution offers organisations tools to identify and govern personal data to prepare for compliance with this new regulation, simultaneously helping extend and enhance the governance frameworks enterprises are investing in.’
SAS software and services assist organisations in locating and identifying all personally identifiably data throughout its lifecycle so that it can be properly protected. The technology allows companies to take the following steps:
Access. With SAS, organisations can assess, access and blend data types from a number of relational data sources like Oracle, Apache or Hadoop
Identify. No matter where PII resides, data filters, sampling techniques and algorithms can identify and extract personal data from structured and unstructured data sources
Govern. Data governance software helps to enforce policies, monitor data quality and manage business terms across an organisation
Protect. Role-based data masking and encryption techniques secure sensitive information, and dynamically blend data without moving it to help minimise exposure of sensitive data
Audit. To help proactively avoid penalties and breaches, interactive reports can be generated to identify the users, data sources and types of PII detected
‘Many organisations will be caught off-guard when GDPR rolls out next year. Dealing with personally identifiable information is tricky, especially when that data may be stored in multiple locations throughout an organisation,’ says Mike Wake, head of data management at SAS UK & Ireland.
‘Consumers and regulators have woken up to the importance of personal data, and the companies that hold it will be expected to respond fast when it is requested. Yet this is difficult when, as is the case in so many industries, data is held by different departments in disparate silos. At SAS, we use well established market leading technologies to help our customers break down these data silos, while ensuring Personal Data is only accessible to those authorised to use it.’
Further reading on GDPR
