GDPR for SAP: What’s the impact two years on?

12 June 2020
Written by Paul Hammersley

As Senior Vice-President of the ALM Products at EPI-USE Labs, Paul Hammersley's portfolio includes test data management, landscape optimisation, and archiving. He has been a remarkable technical force in the SAP arena for over 20 years, and has extensive hands-on experience of implementing Data Sync Manager (DSM) and helping clients to manage data across the breadth of their SAP landscapes.

blog_gdpr-for-sap_header-image

Early movers

It’s hard to believe it's only been two years since the General Data Protection Regulation (GDPR) came into force. This is partly because there was a long sunrise period during which we were extremely busy with clients who were being very proactive around their SAP compliance, in advance of the ‘deadline’.

 

We introduced some features in double-quick time to enable specific use cases that these clients needed, such as being able to exit the process of submitting someone for redaction, so that other processes could be embedded. We also enabled exits to adapt the output of data, and even provide charts of information as part of a Subject Access Request. For the most part, those early adopters implemented the scope agreed before GDPR came into force, and that’s how their solutions have remained.

More recent implementations

I was surprised at how we actually had so many more clients sign up for our solutions after May 2018. This included organisations who had identified processes they needed to support, and had been looking for vendors, or weighing up the level of effort to try to do something themselves. Many of those had more systems in scope, and complex relationships between groups of systems. This required more consideration around how we implement, rather than many new feature requests. The things we’d envisaged and discovered early on at clients seemed to cover most of what the later clients also wanted to do. We had some unexpected needs to support complex language characters in the PDF output, and some capability to allow multiple brands to be supported from one SAP system, which meant introducing a ‘company’ concept with Data Disclose™ to control the logo and free text for output. But apart from that, it was interesting new data types, but using the same extensible model.

Partial removal of data

One of the big benefits of Data Redact™ has proved to be the laser-like focus you can apply to defining what to redact or even remove. For example, keeping a record of employees who have left seems to be something many companies do for a long time, but removing their family members’ details needs to happen very soon after they have left.

 

Another good example is removing contact persons at a Customer or on a Sales Order, without the need to archive the entire customer master and its order history. This capability to redact or remove just parts of the data is much harder to achieve, or completely impossible in some cases, with standard SAP archiving and ILM.

New functionality

In the latest release (build 148) of Data Sync Manager 5, the base for our Data Privacy/GDPR Compliance suite, there are some nice new features:

 

  •  PII Type and LP Type editors, which make configuration of extensions much easier
  •  A dedicated launchpad within the SAP GUI version
  •  A Monitor Desk for Data Redact™ to allow more detailed visibility of run information

We do have a few more things currently in the pipeline too, so watch this space!

 

 

New call-to-action

 

 

 

Explore Popular Tags

GDPR Data Privacy Data Security Data Secure GDPR compliance Data Redaction data scrambling Data Redact General Data Protection Regulation POPI Act POPIA SAP Data Security SAP GDPR SAP data privacy and compliance Data Archiving Data Sync Manager Data privacy regulations Right to be forgotten Data privacy compliance GDPR readiness GDPR deadline Personal data SAP SAP security SAP systems GRC for SAP SAP data privacy and security Access Risk management Access risk controls Data Privacy suite Data minimisation Data security breaches Governance, Risk Management and Compliance (GRC) compliance COVID-19 Data privacy by design Risk monitoring SAP data copying and masking SAR Soterion Subject Access Request anonymised data Australian Privacy Act 1988 CCPA Client Sync Data Protection Day Data masking EPI-USE Labs’ solutions European operations Federal Law GDPR fine Guest order ICO May 2018 Object Sync One-time customer Privacy by Design Reducing risk Right to Erasure Risk minimisation S/4HANA Migrations SAP S/4HANA SAP data privacy & security Secure scrambled production data for testing Test Data Management security breach Backlog privacy debt Black Friday Black Friday hangover Black Friday sales Breach Notification Brexit Budget Canada data privacy legislation Cenoti Cloud migrations Confidentiality Consent DSM DSM Readiness Assessment Data Diclose Data Portability Data Removal Data Replication Data Sync Manager (DSM) Data integrity Data privacy assessment Data processor versus controller Data retention rules Documentation Employee data Europe Friday 25 May 2018 GDPR-type legislation GRC GRC for SAP tools General Data Protection HCM HR ILM Information Commissioner’s Office Information transfer Infotype 41 JSOX New Zealand Privacy Act News Online shopping Penalties Personal Data Protection Law (PDPL) Proportional Data Protect personal employee data Removing data in SAP Right to Access Rise with SAP Risk management S4HANA SAP Cloud SAP Data Privacy Suite SAP RISE SAP SuccessFactors SAP access risk simulations SAP data SAP data encryption SOX Sarbanes-Oxley (SOX) legislation Saudi Arabia Security Security for SAP. Live Sensitive HCM data South African data privacy legislation Success Factors Territorial Scope UK Government User Access Review Virtual conference What does the European GDPR mean for Australia? ebook masking rules quality of test data system copy uk sox
+ See More

Get Instant Updates


Leave a Comment: