James is responsible for the global line of business for EPI-USE Labs' data privacy and SAP IS-* Solutions, supporting all regions and key accounts running Data Sync Manager (DSM) for these complex requirements. With a functional and business background of over 20 years, James provides the bridge between Development, Basis, Test/Competency Centres and leadership teams to provide guidance and advice on the route to data privacy compliance. His history includes SAP specialisms in non-production data management and anonymisation, Production data removal or redactions, System Landscape Optimisation (SLO) and SAP industry solutions.
As per my previous post, the deadline for GDPR compliance is looming - and it will affect any company which holds data for a European Union citizen. In this post, I highlight how EPI-USE Labs can help you prepare your non-productive SAP landscape to hold only a “proportional amount of data” for the use case of each system.
Under GDPR, a clear use case for the processing of data will be required. In its simplest form, the use case for production would be that real customer data needs to be maintained in order to service that customer.
Proportionality will come into play when you have to prove that you need to keep all data in production, for example:
However, a typical SAP landscape is made up of a Development, Quality, Pre-Production and Production environment, with some customers also supporting a Training environment. Each of these systems has a requirement for real production data (use case) in order to maximise the efficiency of new developments and changes, testing and training. But, you need to ask yourself:
I have always found that the standard SAP SWPM tools used to complete a client copy and refresh your system are not only system- and human-resource-intensive, but also only allow you to complete a full copy of all data. With EPI-USE Labs’ Data Sync Manager™ (DSM) product suite, you can select the amount and type of data you need to copy between systems. The two products I want to discuss in more detail are Client Sync™ and Object Sync™.
With this product, our services team can consult with you and train you to ensure each system only contains the data required. You can choose to copy:
Therefore, you can prove your proportional aspect by only copying the data which is required for your specific need in the non-production environment. You can present clear evidence, down to a table level, of what data has and hasn’t been copied for auditors to review and sign off. For example, if you are testing new Materials but also manage HR, then using Copy 3 above would bring all your material data, but no HR data. The software reporting will then demonstrate that no data was selected from the PA* tables.
In addition, with Client Sync you can select individual tables to protect, delete or replace on refresh. This allows, for example, all Change Documents, and any Protected Data held within them, to be removed from your non-productive systems. You can also configure the Logical Systems in your environments so that the BDLS conversions are completed as part of the process, or protect the users in the client to be refreshed, ensuring the least amount of effort per refresh.
When copying Transactional Data, you can also apply a time-slice so that only data records since DD/MM/YYYY will be selected. Built into the selection process is the ability to identify any current SAP documents which have documents attached which precede the specified date, and it automatically includes these to ensure a consistent database is created. Again, this speaks to proportionality; if you don’t need all ten years’ worth of production data, then only copy the last year.
With these selections, you can copy real production data back into your landscape while maintaining a proportionate data size and evidence to your auditors as to what selections have been made.
Object Sync allows on-demand copying where you can select both Master and Transactional Data according to individual objects. So if you need the Material Master Data for a certain set of materials for testing, you can select and copy this from a list of Material numbers. Our object model ensures that all related data is also copied to ensure a consistent cut of your system. This gives you the ability to be highly selective in the data you move out of your production environment, and to demonstrate how you use this to achieve a proportionate data set.
The combination of Client Sync (Customising only) and Object Sync allows you to be very selective about the data you move outside of production, down to taking individual objects and their corresponding data to exactly meet your use case for the data. This is just one element of GDPR; however, it may prove to be a difficult one to adjust to. With Client Sync and Object Sync, you can reduce the data footprint of your non-production system, thus enhancing your compliance position under Article 5 of GDPR.
If you want any further information, please contact our GDPR specialist team at gdpr@labs.epiuse.com