Informational self-determination
through data filtering and masking
In the context of digital transformation, more and more data is being collected, analyzed, refined and exchanged by IT applications. Especially the exchange of data presents companies with great challenges, for example when data is collected from customers or passed on to business partners. On the one hand, legal requirements must be fulfilled, for example requirements from the European Data Protection Regulation (GDPR) such as informational self-determination. On the other hand, data exchange with business partners always represents a risk as soon as it affects sensitive, personal or business-critical data. However, to decline an exchange reduces the competitiveness of a company. To open uncontrollably is dangerous. The challenge is to strike a balance in data transfer. Data can be filtered or masked before being passed on in accordance with statutory and company regulations.
MYDATA Control Technologies is a technical implementation of data sovereignty, which represents an essential component for informational self-determination. It is based on the IND2UCE framework for data usage control developed at Fraunhofer IESE. MYDATA Control Technologies implements data sovereignty by monitoring or intercepting security-relevant data flows. This enables fine-grained masking and filtering of data flows at interfaces (APIs) in order to make them anonymous, for example. Compared to classical access control systems, MYDATA Control Technologies can enforce partial filtering and masking of data, context and situation restrictions as well as restrictions on the purpose of use. Compliance with data sovereignty through changes in data flows is controlled by a set of policies. A central management interface offers an editor for creating and adapting rules at run-time. The ability to flexibly adapt data usage rules at any time ensures high maintainability and avoids unnecessary complexity in technical integration.
Key Features
MYDATA Control Technologies consists of three core functions:
Enforcement, Policies, and Management.
-
MYDATA Control Technologies Enforcement: MYDATA Control Technologies offers control points for the enforcement of usage policies, which can be easily integrated into target systems. These can filter and mask information at data interfaces. In addition, MYDATA Control Technologies offers the possibility to perform actions using additional components, such as notification by e-mail. The functionality of the control points and action executions can be extended by means of plugins.
- MYDATA Control Technologies Policies:
New policies (rules) for data usage can be written at runtime. Among other things, time and frequency-based uses ("Data may only be used 5 times within a day"), situation-based uses ("Sensitive data may not be viewed on business trips") and masked uses ("For the PSD2 service provider, the middle 12 digits of the IBAN are replaced by an X") can be specified.
- MYDATA Control Technologies Management: MYDATA Control Technologies combines the administration of data sovereignty requirements and technical components in a central administration interface.
Key Advantages
- Central services for managing and controlling data flows at runtime
- Extension possibilities through plugin concept
- Uniformity in the implementation of data sovereignty
- Easy integration into existing systems
- Flexible set of rules for mapping data sovereignty requirements
- Context and situational restrictions