With the EU’s General Data Protection Regulation (GDPR) going into effect on May 25, 2018, global companies must take steps to understand how personally identifiable information (PII) is stored and used within their organisations. Millions of records are exposed each year due to thousands of data breaches that occur around the world. Further, a recent survey found that less than half (45 percent) of organisations have a structured plan in place for compliance and more than half (58 percent) indicate that their organisations are not fully aware of the consequences of noncompliance. To help companies protect their data and meet new compliance requirements, analytics leader SAS is offering SAS® for Personal Data Protection.
Any company that collects personal data, anything from national identification numbers, Social Security numbers, email addresses and dates of birth, must be able to identify where that information is stored in order to protect it and remove it when required. The amount and variety of data sources, along with the rise of mobile, cloud and social networks, has played a role in making PII more vulnerable to unauthorised access. SAS for Personal Data Protection helps companies to access, identify, govern, protect and audit their data, to work toward compliance.
Under GDPR, every EU resident has the right to know how their personal data is being used – and can request to have his or her data completely erased. This means that organisations that store and/or process EU consumer and employee data must be vigilant in protecting that data, regardless of where they are located. Noncompliance with GDPR regulations can be costly and may result in hefty financial penalties ranging up to US$22 million or 4 percent of annual global turnover (whichever is greater).
“The EU’s pending GDPR deadline is causing major headaches for companies across the EU and beyond, as organisations quickly realise that personal data is stored in multiple locations. Finding it and locking it down is no easy task,” said Tom Pringle, Head of Applications Research at Ovum. “The SAS for Personal Data Protection solution offers organisations tools to identify and govern personal data to prepare for compliance with this new regulation, simultaneously helping extend and enhance the governance frameworks enterprises are investing in.”
SAS software and services assist organisations in locating and identifying all personally identifiable data throughout its life-cycle so that it can be properly protected. The technology allows companies to take the following steps:
- Access. With SAS, organisations can assess, access and blend data types from a number of relational data sources like Oracle, Apache or Hadoop.
- Identify. No matter where PII resides, data filters, sampling techniques and algorithms can identify and extract personal data from structured and unstructured data sources.
- Govern. Data governance software helps to enforce policies, monitor data quality and manage business terms across an organisation.
- Protect. Role-based data masking and encryption techniques secure sensitive information, and dynamically blend data without moving it to help minimise exposure of sensitive data.
- Audit. To help proactively avoid penalties and breaches, interactive reports can be generated to identify the users, data sources and types of PII detected.
“Dealing with personally identifiable information is tricky, especially when that data may be stored in multiple locations throughout an organisation,” said Arturo Salazar, Principal Business Solutions Manager, SAS. “The first step to any successful data management program is to first access and identify where the data lives. SAS can then provide the added requirements of enterprise data governance, protection and auditing to ensure the right people have the right access and the data remains protected.”