BookmarkSubscribeRSS Feed

Using SAS Federation Server for GDPR

Started ‎05-16-2018 by
Modified ‎06-11-2019 by
Views 2,932

The General Data Protections Regulation (GDPR) that intends to protect the data of citizens within the EU, was finally approved in 2016 and the transition period ends on May 25th, 2018. As of this date, fines could be imposed upon organisations failing to observe this legislation.

 

See more information about GDPR regulation here:

https://www.eugdpr.org/the-regulation.html

 

Article 5 of the regulation enumerates the key principles:

 

  • Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
  • Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • Accountability: The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.

 

In order to comply with Articles 25, 32 and 34, organisations need to be able to protect Personal Data by applying security patterns including pseudonymisation, anonymization and encryption. According to Articles 33 and 34, one must be able to notify the supervisory authority as to the type of data subjects and how many personal data records are impacted in case of a breach; and to notify the affected data subjects (except if appropriate security measures have been applied which will prevent from any reidentification).

 

SAS Federation Server helps on this matter by proposing these features:

  • a central location for the setup and maintenance of connections to data​,
  • creation of data views from disparate data sources without moving the source data using SAS Federation SQL (FedSQL)​,
  • data abstraction layer to provide a consistent data model with access control, data masking, and security to the end user​,
  • SQL logging and monitoring of user activity for every query that a user makes against a data source.

 

SAS Federation Server creates a virtual environment that provides a secure, business-centric view of your data. This not only provides better performance and easier access to business information, but also a greater degree of control over data access, – leading to higher levels of information security.

 

See the SAS Federation Server fact sheet here:

https://www.sas.com/content/dam/SAS/en_us/doc/factsheet/sas-federation-server-105943.pdf

 

In this series of articles, we will describe how SAS Federation Server can be used to ensure compliance with GDPR regulation. We will first discuss SAS Federation Server security; how data is protected against unauthorized access, and how data transference is guaranteed by secure transmission lines. In the second part, we will review the SAS Federation Server masking function and how it can be used for pseudonymisation, anonymization and encryption. We will then explore the functions that help extract and identify Personal data, and finally demonstrate the logging facility.

Comments

Very nice and relevant article Audrey.

Nice job Audrey!

Version history
Last update:
‎06-11-2019 09:43 AM
Updated by:
Contributors

sas-innovate-2024.png

Don't miss out on SAS Innovate - Register now for the FREE Livestream!

Can't make it to Vegas? No problem! Watch our general sessions LIVE or on-demand starting April 17th. Hear from SAS execs, best-selling author Adam Grant, Hot Ones host Sean Evans, top tech journalist Kara Swisher, AI expert Cassie Kozyrkov, and the mind-blowing dance crew iLuminate! Plus, get access to over 20 breakout sessions.

 

Register now!

Free course: Data Literacy Essentials

Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning  and boost your career prospects.

Get Started

Article Labels
Article Tags