390043-ENGIE-SS-Landing-page

GDPR Compliance: How ENGIE implemented the Data Privacy Suite for SAP

ENGIE implemented the EPI-USE Labs’ Data Privacy Suite for SAP solutions to address their data privacy compliance, including with the GDPR.

Achieved GDPR goals

Anonymised personal and sensitive data

Ability to redact data outside retention period

Reduced risks in the systems

About ENGIE

ENGIE is a global benchmark group in low-carbon energy and services. With their 96,000 employees, customers, partners, and stakeholders, they are committed every day to accelerate the transition to a carbon-neutral world, through reduced energy consumption and more environmentally friendly solutions. Inspired by their purpose, they combine economic performance and positive impact on people and the planet by relying on their key business (gas, renewable energies, services) to offer competitive solutions to their customers.

DOWNLOAD SUCCESS STORY

ENGIE’s data privacy and security challenges

Utilities giant ENGIE’s SAP IS-U system contains the data of millions of clients; and an important part of their strategy is ensuring they are compliant with data privacy regulations. As many of their clients are located in Europe, this includes compliance with the GDPR (the European Union’s General Data Protection Regulation).

During an audit of ENGIE’s assets by CNIL (Commission nationale de l’informatique et des libertés – the French National Regulator for GDPR), ENGIE’s major residential customer platform was reviewed. To meet required anonymisation criteria, ENGIE had to prioritise their Production data, followed by non-production data, in line with the recommendations from CNIL’s evaluations. ENGIE’s first step was to identify and analyse the Personally Identifiable Information (PII) in their 15-year-old 80TB SAP system. They had to remove Production data, and anonymise non-production data.

Being a utilities company, security is key. We work with a lot of clients, so securing our system and being able to archive and forget part of our data was very important for us. EPI-USE Labs has helped enormously with these needs.

Ronan Menou
SAP Solution Architect, ENGIE

Implementing the Data Privacy Suite for SAP solutions

ENGIE and EPI-USE Labs worked together to address ENGIE’s data privacy compliance, including implementing EPI-USE Labs’ Data Privacy Suite for SAP solutions.

Technical workshops helped to identify which data needed to be addressed. As EPI-USE Labs has mapped the SAP data model for Utilities, this make it quicker to identify which data is personal, and which is not (for example, the field for BP name is personal data, and the POD number is not, whereas meter reading results are).

EPI-USE Labs implemented three components of the Data Privacy software suite:

  • Data Secure™: With Data Secure, ENGIE was able to anonymise all the personal and sensitive data in their non-production system, and thus reduce the risks
  • Data Redact™: To address the challenge of the ‘Right to be Forgotten’ principle as outlined in the GDPR, EPI-USE Labs redacted field data from the Production system, without removing any transactions or business data. This was done quickly and seamlessly without affecting referential integrity
  • Data Retain™: Using Data Retain, EPI-USE Labs was able to proactively highlight sensitive data suggested for redaction based on pre-determined flexible business rules.

We had a lot of conversations with EPI-USE Labs, and the result was great. The implementation was completed with the right format, at the right time, in accordance with the regulator’s request.

Ronan Menou
SAP Solution Architect, ENGIE

Compliance with GDPR

After working closely with the EPI-USE Labs technical specialists, ENGIE managed to address all their project needs. Having implemented Data Secure, Data Retain and Data Redact, they were able to anonymise the sensitive and personal data within their non-production system, ensuring compliance with the GDPR. They could also redact data from their Production system to adhere to the GDPR’s ‘Right to be Forgotten’ where applicable.

These actions not only secured their critical information, and the safety of their client’s data, but significantly mitigated risks to the system.

One of the main benefits is that it’s an out-of-the box solution. Even though our system is really complex , we had a basis to start with the project and the implementation immediately.

Ronan Menou
SAP Solution Architect, ENGIE

Anonymised sensitive data on non-production system

Implemented simple process to comply with GDPR

Sped up process to proactively manage data requests

Gained insights and reduced risks on system

Passed re-audit by the CNIL