The General Data Protection Regulation (GDPR), which is intended to protect the data of citizens within the EU, was finally approved in 2016, and the transition period ends on May 25th, 2018. As of this date, fines could be imposed upon organisations failing to observe this legislation.
See more information about GDPR regulation here:
Article 5 of the regulation enumerates the key principles:
In order to comply with Articles 25, 32 and 34, organisations need to be able to protect Personal Data by applying security patterns including pseudonymisation, anonymisation and encryption. According to Articles 33 and 34, in case of a breach one must be able to notify the supervisory authority as to the type of data subjects and how many personal data records are impacted, and to notify the affected data subjects (except if appropriate security measures have been applied that prevent any re-identification).
SAS Federation Server helps in this matter by offering these features:
SAS Federation Server creates a virtual environment that provides a secure, business-centric view of your data. This not only provides better performance and easier access to business information, but also a greater degree of control over data access, leading to higher levels of information security.
See the SAS Federation Server fact sheet here:
In this series of articles, we will describe how SAS Federation Server can be used to ensure compliance with the GDPR. We will first discuss SAS Federation Server security: how data is protected against unauthorized access, and how data transfer is protected by secure transmission lines. In the second part, we will review the SAS Federation Server masking function and how it can be used for pseudonymisation, anonymisation and encryption. We will then explore the functions that help extract and identify Personal Data, and finally demonstrate the logging facility.