-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Cenoti (Splunk connector) Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
GDPR Compliance: How ENGIE implemented the Data Privacy Suite for SAP
Achieved GDPR goals
Anonymised personal and sensitive data
Ability to redact data outside retention period
Reduced risks in the systems
About ENGIE
ENGIE is a global benchmark group in low-carbon energy and services. With their 96,000 employees, customers, partners, and stakeholders, they are committed every day to accelerate the transition to a carbon-neutral world, through reduced energy consumption and more environmentally friendly solutions. Inspired by their purpose, they combine economic performance and positive impact on people and the planet by relying on their key business (gas, renewable energies, services) to offer competitive solutions to their customers.
ENGIE’s data privacy and security challenges
Utilities giant ENGIE’s SAP IS-U system contains the data of millions of clients; and an important part of their strategy is ensuring they are compliant with data privacy regulations. As many of their clients are located in Europe, this includes compliance with the GDPR (the European Union’s General Data Protection Regulation).
During an audit of ENGIE’s assets by CNIL (Commission nationale de l’informatique et des libertés – the French National Regulator for GDPR), ENGIE’s major residential customer platform was reviewed. To meet required anonymisation criteria, ENGIE had to prioritise their Production data, followed by non-production data, in line with the recommendations from CNIL’s evaluations. ENGIE’s first step was to identify and analyse the Personally Identifiable Information (PII) in their 15-year-old 80TB SAP system. They had to remove Production data, and anonymise non-production data.
Being a utilities company, security is key. We work with a lot of clients, so securing our system and being able to archive and forget part of our data was very important for us. EPI-USE Labs has helped enormously with these needs.
Implementing the Data Privacy Suite for SAP solutions
ENGIE and EPI-USE Labs worked together to address ENGIE’s data privacy compliance, including implementing EPI-USE Labs’ Data Privacy Suite for SAP solutions.
Technical workshops helped to identify which data needed to be addressed. As EPI-USE Labs has mapped the SAP data model for Utilities, this make it quicker to identify which data is personal, and which is not (for example, the field for BP name is personal data, and the POD number is not, whereas meter reading results are).
EPI-USE Labs implemented three components of the Data Privacy software suite:
- Data Secure™: With Data Secure, ENGIE was able to anonymise all the personal and sensitive data in their non-production system, and thus reduce the risks
- Data Redact™: To address the challenge of the ‘Right to be Forgotten’ principle as outlined in the GDPR, EPI-USE Labs redacted field data from the Production system, without removing any transactions or business data. This was done quickly and seamlessly without affecting referential integrity
- Data Retain™: Using Data Retain, EPI-USE Labs was able to proactively highlight sensitive data suggested for redaction based on pre-determined flexible business rules.
We had a lot of conversations with EPI-USE Labs, and the result was great. The implementation was completed with the right format, at the right time, in accordance with the regulator’s request.
Compliance with GDPR
After working closely with the EPI-USE Labs technical specialists, ENGIE managed to address all their project needs. Having implemented Data Secure, Data Retain and Data Redact, they were able to anonymise the sensitive and personal data within their non-production system, ensuring compliance with the GDPR. They could also redact data from their Production system to adhere to the GDPR’s ‘Right to be Forgotten’ where applicable.
These actions not only secured their critical information, and the safety of their client’s data, but significantly mitigated risks to the system.
One of the main benefits is that it’s an out-of-the box solution. Even though our system is really complex , we had a basis to start with the project and the implementation immediately.
Anonymised sensitive data on non-production system
Implemented simple process to comply with GDPR
Sped up process to proactively manage data requests
Gained insights and reduced risks on system
Passed re-audit by the CNIL
