Data Redact.png Data Redact

Overview

Data Redact is our unique Fiori app which has been specifically developed to address the Right to be Forgotten challenge. As part of our GDPR Compliance Suite for SAP, it quickly and seamlessly redacts field data without affecting referential integrity. This means the data can no longer be identified and linked to a specific individual, but business reporting and referential integrity are unaffected.


By redacting fields which are sensitive, or can be used to identify the natural person, the rest of the data can be retained which drastically lowers the impact on reporting and the risk of adverse effects on other business processes or other areas of SAP, such as related CRM systems.

Tackling the Right to be Forgotten with Data Redact

As the data is effectively removed for identification purposes, you can easily and cost-effectively comply with the legislation and the individual’s Right to be Forgotten when you see fit. Once a record has been redacted there is no link back to who the natural person was, and any field which in itself is also sensitive is also redacted. From that point onwards the record has been fully anonymised.

The following three-step process is implemented:

1
Submit data for redaction

Records identified in Data Disclose or Data Retain are submitted for redaction

2
Execute redact

A different user role is required to receive those submissions in Redact, review the information, and execute redaction in real time

3
Retain an audit log

An audit log is retained for a one-month period before being automatically removed


Some existing SAP solutions attempt to address this challenge by blocking access for processing, or perpetual archiving, neither of which are ideal solutions in this scenario - read more in our FAQ response.

Business Benefits

Article 17 of the GDPR dictates that individuals have the Right to Erasure (Right to be Forgotten); the right to have personal data erased and to prevent processing in some specific circumstances. Data Redact allows you to remove the sensitive or identifying data without removing the entire record. This makes the process simpler and less invasive. The data is effectively submitted for redaction so the data cannot be identified. Data Redact reactively addresses the Right to be Forgotten.

For more information, please schedule a discovery session, watch our on-demand GDPR webinars or learn more about our GDPR consulting services.