The data and information security landscape is changing more rapidly than ever before. Hacking expertise is escalating, as is the speed to market and adoption of new technologies. This, along with increasing legislation aiming to protect data owners, presents a major business challenge.

EPI-USE Labs can help you to navigate this complex and critical field with a suite of solutions covering data risk, security, privacy and compliance. To provide our clients with comprehensive protection, we have also partnered with Soterion, whose compliance software solves GRC (Governance, Risk management and Compliance) for SAP clients.

What are your SAP data privacy and security challenges?

Increase data privacy compliance in SAP

The aim of any privacy project is to increase compliance with the required data privacy laws within the company’s jurisdiction, and SAP’s structure makes addressing data privacy compliance particularly tricky. One of the most compelling reasons for data privacy compliance is the enforcement fines: the new laws provide for high financial sanctions to be applied by legal bodies.

We have been implementing privacy projects around the globe in multiple industries for over 20 years, and have identified essential steps in a common project approach:

  • Identify your risks: Impact and risk assessment
  • Find and map your PII
  • Review access risk and controls
  • Clean up the backlog in Production
  • Manage PII in Production copies
  • Handle Data Subject Access Requests (DSARs)
  • Process individual requests for removal
  • Proactive identification of Data Subjects
  • Ongoing audit and review

Respond to the Right to Access/Removal in Production systems

Whether you’re adhering to PDPA in Thailand, one of the state laws in the USA, or GDPR in Europe, you are required to provide a response to the Right to Access and deletion of personal data from your environment.

The Right to Removal does not overrule any of your other legal and compliance requirements, such as keeping records for tax audit. You now need to find a way to validate if data is required for any other legal reason, and if not, remove sensitive data from your system.

SAP presents a challenge in data removal: its data model is relational, so the sensitive data is intrinsically linked with your business transactions. Traditional ways of archiving or deleting therefore mean you need to remove your transactions and master data completely.

EPI-USE Labs provides an alternative in Data Redact, which removes the PII from records but leaves the referential integrity of the solution intact. Data Disclose provides effective PII mapping in a PDF output, allowing an efficient process to respond to the Right to Access.

Scramble data in non-production systems

Every business needs to test its processes, whether it’s the annual payroll taxation updates, a service pack upgrade or new customizations. You don’t want to find out you have an issue with the new processes in Production, so most businesses will take a copy of their Production systems and create test environments.

The number of testing environments varies depending on the business, but a typical set-up would be to have:

  • Development: limited to no real data
  • Quality: a reduced data copy from Production
  • Pre-production: a full copy of the Production database.

The new privacy laws state that you must have informed and explicit consent for the use of the data relating to data subjects. In our experience, most businesses do not have this consent for using data for testing purposes. Even if you did have a consent process, there is an additional challenge in understanding what to do for a no-consent response from a data subject.

We recommend data anonymisation with Data Secure, providing direct in-place data anonymisation, or the ability to scramble on exit when linked with Client Sync, part of the Data Sync Manager Suite.

Understand and mitigate your data privacy and security risks

To solve a problem, you first need to understand the problem. For both data privacy and security, you need to understand the risks you hold in your business process and your IT estate.

Consider your business processes and security risks. For example, do your front office or HR colleagues take notes during calls? If so, what is the security process for those notes? Are you following best practice for data security throughout your business? 

Regarding your IT estate, three primary considerations are:

  • External threat: Network and infrastructure security such as firewalls or VPN protection.
  • Internal threat: The risk of access to data in the network / SAP system.
  • Compliance risk: Where is your PII and how is it being managed?

Our comprehensive SAP data privacy assessment service provides transparency about the Internal and Compliance risks for your business.

Drive business-centric GRC for SAP

Governance, Risk and Compliance (GRC) solutions take many aspects of access risk into account. We are partnered with Soterion, offering a fast, efficient analysis of your GRC risks with standard delivered rulesets to cover:

  • Segregation of Duties (SoD)
  • Privacy: users accessing sensitive data
  • Cross-jurisdictional data access
  • Critical transaction risk.

These solutions can integrate between SAP and cloud applications (such as SAP SuccessFactors) to provide a holistic view of your access risk.

Soterion also offers assessment of your system licences, firefighter access processes and more.

Minimize attack surface in your SAP landscape

To protect sensitive data, consider reducing ‘the attack surface’ in your SAP landscape – the topography of the systems and data which can be attacked. Data masking or obfuscation can keep the referential integrity and functionality of your test, training, sandbox and development system data without making data subjects identifiable, or leaving sensitive data fields exposed.

Data Secure, part of EPI-USE Labs’ Data Sync Manager (DSM) suite, is a complete data protection solution that masks SAP data to safeguard sensitive information. It allows the data to function correctly with hundreds of pre-delivered masking rules. New rules can be built from scratch, existing ones extended or content downloaded from other community users on our collaborative platform, Client Central. The result is real-time data protection.

Many companies have integrated SAP landscapes with data distributed across ERP, CRM, SRM, and external environments. Data Secure anonymizes integrated data objects consistently on different systems.

Need to scramble data outside SAP? Our custom development team can build a solution that will scramble data, which extends Data Secure to non-SAP systems.

SOFTWARE

Data Privacy Suite for SAP solutions

Comply with data privacy legislation

Our innovative data privacy and compliance solution helps companies with SAP® systems comply with GDPR (the General Data Protection Regulation) and other data privacy legislation.

Soterion Access Risk Manager

Get business-centric, effective GRC for SAP

With Soterion and EPI-USE Labs, you can assess, update and maintain roles and authorizations in a cost-effective and intuitive way, and comply with data privacy regulations.


Archive Central

Ringfencing specific information for regulatory compliance. 

Archive Central™ is a role-based, secure web solution that gives Data Privacy Officers (DPOs) or business users access to historical data for queries, reporting and comparisons. Encrypt sensitive information such as PII for security and regulatory compliance.

SERVICES

Data privacy consulting

SAP is one of the most robust systems in the world, but also one of the most complex, and its structure makes addressing compliance with data privacy legislation particularly tricky. Detailed domain knowledge is required to map and understand the cross-functional integration of multiple SAP objects and systems.

As a longstanding SAP Partner, EPI-USE Labs has an in-depth understanding of SAP and of how SAP data is structured, and our integrity mapping is defined both on the individual field level and between systems.

We help our clients comply with data privacy laws by scrambling non-production data copied out of Production systems. We also address the de-sensitisation of data in Production with our redaction technology. Our cutting-edge software combined with our extensive project experience across multiple countries and industries means we can give you expert guidance on your data privacy challenges.

Mass data removal services

Clear historical data you no longer have legal grounds for storing, such as bank account details, with a simple process.

Privacy and security assessments

We can help you to understand and identify your Personally Identifiable Information (PII), and assess your access risks.

Access risk assessments and role redesign

Get insights into the access risk in your SAP system and mitigate it with a new role redesign that is fit for purpose. 
