-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Cenoti (Splunk connector) Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services RISE BRIDGE Managed Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
JM adopts solutions to comply with GDPR
Effective business processes to comply with GDPR
Automatic removal of sensitive data outside retention period
Reduced risk: test systems
no longer have sensitive data
The key thing here has been that we can keep all our data but remove all the sensitive parts of it. The EPI-USE Labs solutions have brought us great benefits.
About JM
JM is one of the leading developers of housing and residential areas in the Nordic region. Operations cover production of new homes, with a focus on expanding metropolitan areas and university towns in Sweden, Norway and Finland.
Data Sync Manager demo Data Privacy demo DOWNLOAD SUCCESS STORY
The challenges of protecting sensitive personal data
In 2015, JM was facing the challenge of protecting personal data integrity and avoiding General Data Protection Regulation (GDPR) penalties, in the following areas:
The team at JM decided to make some positive changes to comply with GDPR, notably:
- focus on business owners instead of IT systems
- fund improvements to information security
- provide helpful software tools
- make the improvement project a top priority for everyone.
We involved EPI-USE Labs early in the project, developing requirements and specifications interactively.
Solutions to manage and redact personal data
JM selected Object Sync™ and Data Secure™, part of the Data Sync Manager™ (DSM) suite, to copy and scramble subsets of data for testing and training purposes. By reducing their data footprint in non-production environments, they can remove personal data from their test environments. Additionally, for GDPR compliance it is important to show data protection by design and by default. By using DSM for refreshing data in the non-production system, JM can demonstrate this principle.
JM now also uses Data Disclose™, Data Redact™ and Data Retain™, part of the Data Privacy suite. Data Disclose is used for Subject Access Requests (to comply with GDPR Article 15). The JM team is able to search their SAP systems, and provide a branded PDF document detailing the individual’s data stored in their systems. Data Redact, which is used to redact the data that identifies an individual (to comply with GDPR Article 17 and the right to erasure), allows JM to respond to any removal requests. It also enables JM to redact any personal data in their SAP systems that falls outside their data retention policies, regularly and proactively.
JM partnered with EPI-USE Labs to be a ramp-up client for Data Retain, which provides a visual UI for configuring and running retention rules, and submissions to Data Redact for keys that are due for redaction.
EPI-USE Labs was also able to assist with the initial mass clean-up across several data sets, including Customers, Vendors, Employees and Accounting Documents, using their System Landscape Optimisation capabilities.
Our business transactions can span over a long time – some over 30 years – and we wanted to keep the data, while removing the sensitive parts we didn’t need. EPI-USE Labs’ Data Privacy suite allowed us to do this.
Ongoing compliance with GDPR
JM has been able to use EPI-USE Labs’ solutions to support their business processes and comply with GDPR demands in areas where data was at risk, and within a short timeframe:
- A proactive approach removes sensitive data automatically, as soon as it is outside its retention period.
- Test systems no longer contain sensitive data, lowering the risk of breaches by internal users or partners accessing non-production environments.
JM’s next step in their GDPR journey is to implement information security routines in operations. Working with EPI-USE Labs, they plan to set up retention programmes in their SAP systems.
Data Sync Manager demo Data Privacy demo DOWNLOAD SUCCESS STORY
With the EPI-USE Labs’ approach, we can anonymise and redact sensitive data rather than archive, meaning business transactions may stay in the system without being related to an identifiable individual. Now, when starting projects we have frameworks for how to do information sensitivity and risk analyses, and from there come the requirements on the IT side, including the sensitivity of data – the complete information security perspective.
GDPR compliance success stories
Global Service Provider
MAPA GmbH
VELUX group
Manage your sap environment
Simplify your SAP Security & Compliance
© 2024 EPI-USE Labs
Trafford House, 11th Floor, Chester Road, Stretford, Manchester, United Kingdom, M32 0RS •Other Office Locations