-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Cenoti (Splunk connector) Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services RISE BRIDGE Managed Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
GDPR: the Data Adequacy and Data Minimisation principle
23 November 2017
Written by Louis Emmanuel Ojuwu
With a background in IT Security, networking and web development and a strong understanding of security policies and rules, Louis is a Services Consultant in the EPI-USE Labs European team. He has been involved in over 30 Data Sync Manager implementations across a wide range of industry sectors, and has recently completed a GDPR certification.
The Data Protection Act (current law) requires companies to ensure that they only collect the personal data they need for the purposes they have specified. They are also required to ensure that the personal data they collect is sufficient for the purpose for which it was collected.
This is retained with more emphasis as part of the six principles of the General Data Protection Regulation (GDPR) - known as the Data Adequacy and Data minimisation principle (see Article 6 1(c) and Article 5, 1(C) of the GDPR).
Many non-EU organisations collect personal data, and then later decide the purpose for which they wish to use this data. The Directive does not permit this approach, and the GDPR tightens the restrictions further, stating that organisations should not collect data that isn't necessary for a specified purpose that has been notified to data subjects.
Data Minimisation has many different interpretations but this stands out:
Example: The purpose limitation principle
- Organisation A is a reinsurer. It provides services to insurance companies. Over the years it has collected large amounts of personal data relating to insured data subjects. It would now like to combine data from its various customers into a single database, to enable it to price its products more accurately. Can it do this?
- Personal data collected for one purpose (e.g. performance of an insurance contract) cannot be used for a new, incompatible purpose (e.g. creating a database of information about insured data subjects to set prices more accurately). Organisation A might be able to achieve its aims by taking additional steps (e.g. obtaining the consent of the affected individuals or by anonymising the data before creating the database - subject to the need to ensure that such anonymisation is, itself, lawful processing of personal data).
Can EPI-USE Labs help with this?
Client Sync™, part of the Data Sync Manager™ suite, allows you to take a time-slice of data (e.g. 'X' months as opposed to using DB copy or SAP full copy process which implies entire Business and Personal data history worth over 5 - 10 years or more). This minimises and reduces organisation data footprint, with only the minimum data needed for testing or business use-cases.
Employee sensitive data can be immediately excluded from Sync in non-production environment when not needed. This gives you as a business more granular control and ownership of the data set copied, thereby further reducing the personal data footprint.
Posts by Topic
- GDPR (41)
- Data Privacy (32)
- Data Security (31)
- Data Secure (21)
- GDPR compliance (19)
- Data Redaction (13)
- data scrambling (13)
- Data Redact (12)
- General Data Protection Regulation (12)
- POPI Act (11)
- POPIA (10)
- SAP Data Security (10)
- SAP GDPR (10)
- SAP data privacy and compliance (10)
- Data Archiving (9)
- Data Sync Manager (9)
- Data privacy regulations (8)
- Right to be forgotten (8)
- Data privacy compliance (7)
- GDPR readiness (7)
- GDPR deadline (6)
- Personal data (6)
- SAP (6)
- SAP security (6)
- SAP systems (6)
- GRC for SAP (5)
- SAP data privacy and security (5)
- Access Risk management (4)
- Access risk controls (4)
- Data Privacy suite (4)
- Data minimisation (4)
- Data security breaches (4)
- Governance, Risk Management and Compliance (GRC) (4)
- compliance (4)
- COVID-19 (3)
- Data privacy by design (3)
- Risk monitoring (3)
- SAP data copying and masking (3)
- SAR (3)
- Soterion (3)
- Subject Access Request (3)
- anonymised data (3)
- Australian Privacy Act 1988 (2)
- CCPA (2)
- Cenoti (2)
- Client Sync (2)
- Data Protection Day (2)
- Data masking (2)
- EPI-USE Labs’ solutions (2)
- European operations (2)
- Federal Law (2)
- GDPR fine (2)
- Guest order (2)
- ICO (2)
- May 2018 (2)
- Object Sync (2)
- One-time customer (2)
- Privacy by Design (2)
- Reducing risk (2)
- Right to Erasure (2)
- Risk minimisation (2)
- S/4HANA Migrations (2)
- SAP S/4HANA (2)
- SAP data (2)
- SAP data privacy & security (2)
- Secure scrambled production data for testing (2)
- Test Data Management (2)
- security breach (2)
- Backlog privacy debt (1)
- Black Friday (1)
- Black Friday hangover (1)
- Black Friday sales (1)
- Breach Notification (1)
- Brexit (1)
- Budget (1)
- Canada data privacy legislation (1)
- Cenoti, connecting SAP with Splunk (1)
- Cloud migrations (1)
- Confidentiality (1)
- Consent (1)
- DSM (1)
- DSM Readiness Assessment (1)
- Data Diclose (1)
- Data Portability (1)
- Data Removal (1)
- Data Replication (1)
- Data Sync Manager (DSM) (1)
- Data integrity (1)
- Data privacy assessment (1)
- Data processor versus controller (1)
- Data retention rules (1)
- Documentation (1)
- Employee data (1)
- Europe (1)
- Friday 25 May 2018 (1)
- GDPR-type legislation (1)
- GRC (1)
- GRC for SAP tools (1)
- General Data Protection (1)
- HCM (1)
- HR (1)
- ILM (1)
- Information Commissioner’s Office (1)
- Information transfer (1)
- Infotype 41 (1)
- JSOX (1)
- New Zealand Privacy Act (1)
- News (1)
- Online shopping (1)
- Penalties (1)
- Personal Data Protection Law (PDPL) (1)
- Phantom (1)
- Proportional Data (1)
- Protect personal employee data (1)
- Removing data in SAP (1)
- Right to Access (1)
- Rise with SAP (1)
- Risk management (1)
- S4HANA (1)
- SAP Cloud (1)
- SAP Data Privacy Suite (1)
- SAP RISE (1)
- SAP SuccessFactors (1)
- SAP access risk simulations (1)
- SAP data encryption (1)
- SIEM (1)
- SOX (1)
- Sarbanes-Oxley (SOX) legislation (1)
- Saudi Arabia (1)
- Security (1)
- Security Information and Event Management (1)
- Security for SAP. Live (1)
- Sensitive HCM data (1)
- South African data privacy legislation (1)
- Splunk (1)
- Splunk UBA (1)
- Splunk’s Enterprise Security (1)
- Success Factors (1)
- Territorial Scope (1)
- UK Government (1)
- User Access Review (1)
- Virtual conference (1)
- What does the European GDPR mean for Australia? (1)
- ebook (1)
- masking rules (1)
- quality of test data (1)
- system copy (1)
- uk sox (1)
Blog Archive
- July 2024 (1)
- November 2023 (1)
- October 2023 (1)
- March 2023 (1)
- October 2021 (1)
- July 2021 (2)
- June 2021 (1)
- May 2021 (1)
- February 2021 (1)
- January 2021 (1)
- December 2020 (1)
- November 2020 (2)
- October 2020 (1)
- September 2020 (2)
- August 2020 (1)
- June 2020 (2)
- January 2020 (1)
- November 2019 (1)
- October 2019 (1)
- September 2019 (2)
- August 2019 (1)
- July 2019 (2)
- January 2019 (2)
- November 2018 (3)
- October 2018 (6)
- September 2018 (2)
- July 2018 (1)
- May 2018 (1)
- April 2018 (1)
- March 2018 (1)
- January 2018 (1)
- December 2017 (1)
- November 2017 (2)
- August 2017 (1)
- July 2017 (2)
- June 2017 (1)
- May 2017 (3)
- February 2017 (1)
- January 2017 (1)
- October 2016 (1)
- June 2016 (1)
Explore Popular Tags
GDPR Data Privacy Data Security Data Secure GDPR compliance Data Redaction data scrambling Data Redact General Data Protection Regulation POPI Act POPIA SAP Data Security SAP GDPR SAP data privacy and compliance Data Archiving Data Sync Manager Data privacy regulations Right to be forgotten Data privacy compliance GDPR readiness GDPR deadline Personal data SAP SAP security SAP systems GRC for SAP SAP data privacy and security Access Risk management Access risk controls Data Privacy suite Data minimisation Data security breaches Governance, Risk Management and Compliance (GRC) compliance COVID-19 Data privacy by design Risk monitoring SAP data copying and masking SAR Soterion Subject Access Request anonymised data Australian Privacy Act 1988 CCPA Cenoti Client Sync Data Protection Day Data masking EPI-USE Labs’ solutions European operations Federal Law GDPR fine Guest order ICO May 2018 Object Sync One-time customer Privacy by Design Reducing risk Right to Erasure Risk minimisation S/4HANA Migrations SAP S/4HANA SAP data SAP data privacy & security Secure scrambled production data for testing Test Data Management security breach Backlog privacy debt Black Friday Black Friday hangover Black Friday sales Breach Notification Brexit Budget Canada data privacy legislation Cenoti, connecting SAP with Splunk Cloud migrations Confidentiality Consent DSM DSM Readiness Assessment Data Diclose Data Portability Data Removal Data Replication Data Sync Manager (DSM) Data integrity Data privacy assessment Data processor versus controller Data retention rules Documentation Employee data Europe Friday 25 May 2018 GDPR-type legislation GRC GRC for SAP tools General Data Protection HCM HR ILM Information Commissioner’s Office Information transfer Infotype 41 JSOX New Zealand Privacy Act News Online shopping Penalties Personal Data Protection Law (PDPL) Phantom Proportional Data Protect personal employee data Removing data in SAP Right to Access Rise with SAP Risk management S4HANA SAP Cloud SAP Data Privacy Suite SAP RISE SAP SuccessFactors SAP access risk simulations SAP data encryption SIEM SOX Sarbanes-Oxley (SOX) legislation Saudi Arabia Security Security Information and Event Management Security for SAP. Live Sensitive HCM data South African data privacy legislation Splunk Splunk UBA Splunk’s Enterprise Security Success Factors Territorial Scope UK Government User Access Review Virtual conference What does the European GDPR mean for Australia? ebook masking rules quality of test data system copy uk sox
+ See More
Leave a Comment: