Let's Talk Data Security

Shared by our experts

Ready for GDPR: Non-Production Data Security

Aug 9, 2017 11:21:23 AM

My previous post explains how with the use of Data Sync Manager (DSM) and EPI-USE Labs you can ensure that the Data held in your non-production environments is proportional to its use, and therefore more compliant with Article 5 of GDPR. Of course, being proportionate is not the only method required to prove your compliance with GDPR; you can also consider obfuscating sensitive data. EPI-USE Labs is ready to assist here too.

From my research, Article 89 of GDPR deals with data security; this is a far-reaching topic, and rather than moving into network and security again, I’d like to focus on the SAP data and landscape.

Ready for GDPR: Proportional data usage

Jul 26, 2017 7:15:47 AM

As per my previous post, the deadline for GDPR compliance is looming - and it will affect any company which holds data for a European Union citizen. In this post, I highlight how EPI-USE Labs can help you prepare your non-productive SAP landscape to hold only a “proportional amount of data” for the use case of each system.

What is proportional data?

Under GDPR, a clear use case for the processing of data will be required. In its simplest form, the use case for production would be that real customer data needs to be maintained in order to service that customer.

GDPR in SAP: Redact rather than Archive?

Jul 13, 2017 10:02:00 AM

How widely will companies provide the Right to be Forgotten? Will this be commonplace in SAP systems? Will companies decide to delete data in SAP anyway, simply to lessen their liability?

This is clearly a story still unfolding. SAP by its very nature doesn’t make deletion of data easy. The data and processes of different departments are so intertwined that there are dependencies everywhere.

The Road to Data Protection and GDPR

Jun 29, 2017 8:58:13 AM

I have worked in the UK utilities industry for the last 15 years, and I've spent the last ten years using SAP in this industry. For the last year I have worked with EPI-USE Labs in SAP Data and Landscape Management. This is a highly complex industry where vast amounts of personal data have to be stored in order to service the customer effectively, but with this amount of data also comes a strong focus on Data Protection Compliance. Over the next year, we are going to see a large change in the requirements for compliance as the General Data Protection Regulation (GDPR) comes into force on 25 May 2018. There is a lot of information available on GDPR, and as mentioned I am not a lawyer or process expert in your business, so I’m not going to promise you the golden bullet to compliance.

GDPR: When is the Right to be Forgotten applicable?

May 25, 2017 11:26:00 AM

I’m watching a wonderful programme at the moment where the opening credits state ‘This is a true story’; then the word ‘true’ disappears a few seconds before the others. Then it follows with something along the lines of ‘the story not being changed to honour the victims, but the names have been changed to protect the innocent’. Strange how the core subject of my days at the moment has morphed into my evenings as well.

GDPR: almost a year to go. What are people aiming for?

May 11, 2017 12:49:00 PM

In my last blog, I wrote about the GDPR compliance projects sprouting up at most companies. We seem to have moved past confusion around whether GDPR will apply after Brexit (the Information Commissioners Office (ICO) has been very clear on this). I’ve even seen a surge in GDPR interest from the US, although at this stage I would say that is about where Europe was in 2016, so I would expect the subject to really gain traction there in 2018.

It’s time to start thinking about GDPR

May 2, 2017 5:08:00 AM

You have probably heard the distant drumbeat of GDPR and the shock headlines of “over 92% of businesses have not prepared for the upcoming GDPR legislation”. Well, whether you’re ready or not, GDPR is coming.

This new legislation will kick in on May 2018, and it has raised some eyebrows due to its somewhat stringent rules and the hefty fines it carries for companies  that don’t take adequate measures, especially for global companies (up to 4% of annual turnover or 20 million Euros, whichever is greater). But if adequate preparation is made by companies in their approach to people’s personal data then this shouldn’t become an issue. If they prepare themselves.

The world wakes up to GDPR: where did it come from?

Feb 6, 2017 9:38:00 AM

Since the start of the year, the volume has definitely been turned up on GDPR. I was speaking to customers and partners about GDPR throughout 2016, but in many cases the start of the conversation was explaining the basics to them (which was often met with some shock and concern). Having enlightened a customer on this topic, I was expecting immediate requests for data analysis services, product demos etc. In my mind, this was such a wide-ranging compliance requirement, and May 2018 was looming ever nearer. I was starting to fret on my customers’ behalf and couldn’t understand why they weren’t.

Data protection by design in the SAP world

Jan 19, 2017 5:03:00 PM

Explicit in the General Data Protection Regulation (GDPR) legislation is the instruction that the protection of sensitive data must be ‘by design’.

In the past, ignorance was never a valid excuse concerning the old legislation, but the fines were so small that companies would happily plead ignorance, and pay the bill.

The Enterprise spread of personal data

Oct 27, 2016 1:53:00 AM

Data across your landscape

The accumulation of data today defies most minds. The amount is staggering… and it has been estimated that 90% of the world’s data has been captured in the last three years! In the enterprise data world, it isn’t just more data being captured, it’s also the same data being stored in multiple places. A company running 'wall-to-wall' SAP could be storing the same name, address or even bank account number in lots of places.