Given GDPR constraints and consideration, it would be great that Outsystems could support this natively.
This could be done in a way that entity attributes could be marked as sensitive data (works for GDPR and other data protection requirements) and additionally set a list of roles that could access them (kind of while list roles, or ACL - Access Control List - roles).
Attribute would be presented (or made available) if requesting user has a granted role and if not a specific tag would be presented, e.g. "<protected>" (to distinguish between protected data from empty/null data).
Note that attribute would not need to be encryted on the DB, that would easily allow for searches.
To sum up, requirement is to rapidly and with low (to none) code be able to restrict access to sensitive data, out of the box.