-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Cenoti (Splunk connector) Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services RISE BRIDGE Managed Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
Nine essential steps for data privacy compliance in SAP
James is responsible for the global line of business for EPI-USE Labs' data privacy and SAP IS-* Solutions, supporting all regions and key accounts running Data Sync Manager (DSM) for these complex requirements. With a functional and business background of over 20 years, James provides the bridge between Development, Basis, Test/Competency Centres and leadership teams to provide guidance and advise on the route to data privacy compliance. His history includes SAP specialisms in non-production data management and anonymisation, Production data removal or redactions, System Landscape Optimisation (SLO) and SAP industry solutions.
SAP is one of the most robust systems in the world, but also one of the most complex, and SAP’s structure makes addressing data privacy compliance particularly tricky. Based on lessons learnt from multiple complex projects around the world, I have developed a set of essential steps in the implementation approach for data privacy compliance in SAP systems.
SAP is one of the most robust systems in the world, but also one of the most complex, and SAP’s structure makes addressing data privacy compliance particularly tricky. You need detailed domain knowledge to map and understand the cross-functional integration of multiple SAP objects and systems.
Having been an SAP partner for over 30 years, we have an in-depth understanding of how SAP data is structured, and have worked closely with companies around the world, helping them to become compliant with global data privacy legislation such as the GDPR (General Data Protection Regulation).
As of today, there have been at least 20 revised privacy laws enacted around the world, so your company may be subject to a wide range of regulations, and face hefty fines for non-compliance.
Based on lessons learnt from multiple complex data privacy projects around the world, I have developed a set of essential steps in the implementation approach for data privacy compliance in SAP systems.
The nine steps are:
- Identify your risks: Impact and risk assessment
- Find and map your PII
- Review access risk and controls
- Clean up the backlog in Production
- Manage PII in Production copies
- Handle Data Subject Access Requests (DSARs)
- Process individual Right to Deletion requests
- Proactive identification of Data Subjects
- Ongoing audit and review
You can explore these steps further in my latest ebook, which provides a practical guide for starting your implementation journey.
Posts by Topic
- GDPR (41)
- Data Privacy (32)
- Data Security (31)
- Data Secure (21)
- GDPR compliance (19)
- Data Redaction (13)
- data scrambling (13)
- Data Redact (12)
- General Data Protection Regulation (12)
- POPI Act (11)
- POPIA (10)
- SAP Data Security (10)
- SAP GDPR (10)
- SAP data privacy and compliance (10)
- Data Archiving (9)
- Data Sync Manager (9)
- Data privacy regulations (8)
- Right to be forgotten (8)
- Data privacy compliance (7)
- GDPR readiness (7)
- GDPR deadline (6)
- Personal data (6)
- SAP (6)
- SAP security (6)
- SAP systems (6)
- GRC for SAP (5)
- SAP data privacy and security (5)
- Access Risk management (4)
- Access risk controls (4)
- Data Privacy suite (4)
- Data minimisation (4)
- Data security breaches (4)
- Governance, Risk Management and Compliance (GRC) (4)
- compliance (4)
- COVID-19 (3)
- Data privacy by design (3)
- Risk monitoring (3)
- SAP data copying and masking (3)
- SAR (3)
- Soterion (3)
- Subject Access Request (3)
- anonymised data (3)
- Australian Privacy Act 1988 (2)
- CCPA (2)
- Cenoti (2)
- Client Sync (2)
- Data Protection Day (2)
- Data masking (2)
- EPI-USE Labs’ solutions (2)
- European operations (2)
- Federal Law (2)
- GDPR fine (2)
- Guest order (2)
- ICO (2)
- May 2018 (2)
- Object Sync (2)
- One-time customer (2)
- Privacy by Design (2)
- Reducing risk (2)
- Right to Erasure (2)
- Risk minimisation (2)
- S/4HANA Migrations (2)
- SAP S/4HANA (2)
- SAP data (2)
- SAP data privacy & security (2)
- Secure scrambled production data for testing (2)
- Test Data Management (2)
- security breach (2)
- Backlog privacy debt (1)
- Black Friday (1)
- Black Friday hangover (1)
- Black Friday sales (1)
- Breach Notification (1)
- Brexit (1)
- Budget (1)
- Canada data privacy legislation (1)
- Cenoti, connecting SAP with Splunk (1)
- Cloud migrations (1)
- Confidentiality (1)
- Consent (1)
- DSM (1)
- DSM Readiness Assessment (1)
- Data Diclose (1)
- Data Portability (1)
- Data Removal (1)
- Data Replication (1)
- Data Sync Manager (DSM) (1)
- Data integrity (1)
- Data privacy assessment (1)
- Data processor versus controller (1)
- Data retention rules (1)
- Documentation (1)
- Employee data (1)
- Europe (1)
- Friday 25 May 2018 (1)
- GDPR-type legislation (1)
- GRC (1)
- GRC for SAP tools (1)
- General Data Protection (1)
- HCM (1)
- HR (1)
- ILM (1)
- Information Commissioner’s Office (1)
- Information transfer (1)
- Infotype 41 (1)
- JSOX (1)
- New Zealand Privacy Act (1)
- News (1)
- Online shopping (1)
- Penalties (1)
- Personal Data Protection Law (PDPL) (1)
- Phantom (1)
- Proportional Data (1)
- Protect personal employee data (1)
- Removing data in SAP (1)
- Right to Access (1)
- Rise with SAP (1)
- Risk management (1)
- S4HANA (1)
- SAP Cloud (1)
- SAP Data Privacy Suite (1)
- SAP RISE (1)
- SAP SuccessFactors (1)
- SAP access risk simulations (1)
- SAP data encryption (1)
- SIEM (1)
- SOX (1)
- Sarbanes-Oxley (SOX) legislation (1)
- Saudi Arabia (1)
- Security (1)
- Security Information and Event Management (1)
- Security for SAP. Live (1)
- Sensitive HCM data (1)
- South African data privacy legislation (1)
- Splunk (1)
- Splunk UBA (1)
- Splunk’s Enterprise Security (1)
- Success Factors (1)
- Territorial Scope (1)
- UK Government (1)
- User Access Review (1)
- Virtual conference (1)
- What does the European GDPR mean for Australia? (1)
- ebook (1)
- masking rules (1)
- quality of test data (1)
- system copy (1)
- uk sox (1)
Blog Archive
- July 2024 (1)
- November 2023 (1)
- October 2023 (1)
- March 2023 (1)
- October 2021 (1)
- July 2021 (2)
- June 2021 (1)
- May 2021 (1)
- February 2021 (1)
- January 2021 (1)
- December 2020 (1)
- November 2020 (2)
- October 2020 (1)
- September 2020 (2)
- August 2020 (1)
- June 2020 (2)
- January 2020 (1)
- November 2019 (1)
- October 2019 (1)
- September 2019 (2)
- August 2019 (1)
- July 2019 (2)
- January 2019 (2)
- November 2018 (3)
- October 2018 (6)
- September 2018 (2)
- July 2018 (1)
- May 2018 (1)
- April 2018 (1)
- March 2018 (1)
- January 2018 (1)
- December 2017 (1)
- November 2017 (2)
- August 2017 (1)
- July 2017 (2)
- June 2017 (1)
- May 2017 (3)
- February 2017 (1)
- January 2017 (1)
- October 2016 (1)
- June 2016 (1)
Leave a Comment: