The European Union’s General Data Protection Regulation, also known as GDPR, enables EU consumers to have more control over how organizations manage their personal data. Companies that handle this information have to update their data privacy regulations by May 25, 2018.

The newest update to SAS Customer Intelligence 360 provides you with the tools you need to comply with GDPR requirements.

Right to Access

The right to access is a regulation that enables individuals to request that an organization discloses any information it has on them.

SAS Customer Intelligence 360 provides an export REST API to retrieve data that provides a comprehensive view on a specific customer. The data is exported as CSV files that can be downloaded by the person issuing the request through the REST API. The export request returns an ID that can be used to retrieve the CSV files.

Right to Be Forgotten

The right to be forgotten is a regulation that enables individuals to request that an organization deletes any data about them.

SAS Customer Intelligence 360 provides the deleteList import descriptor that can be used to delete customer identity data that has been imported or collected. This descriptor enables you to define the type of customer IDs that need to be deleted and then upload a corresponding list of IDs. After the IDs are imported and processed, SAS Customer Intelligence 360 deletes all specific data about the customer, as well as other information that may be associated with the individual. This deletion effectively prevents the data from being matched to an individual.

Protecting Customer Data

In its initial proposal to reform data protection rules, the European Commission defined personal data as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” This information is typically referred to as personally identifiable information, or PII.

SAS Customer Intelligence 360 enables you to customize messages and create segments with PII and discard the data afterward. When you import PII with a data descriptor that uses the transient type, the system creates a temporary table to process the data and deletes it afterward, so sensitive information is discarded after it is used.

For general information about GDPR and SAS, see General Data Protection Regulation on www.sas.com.

This post has been adapted from the SAS Customer Intelligence 360 Help Center.

See What’s New in the latest release of SAS Customer Intelligence 360.