
The move towards implementing the General Data Protection Regulation (GDPR) is gathering momentum, and so much information has been put on the Internet that it is easy to become mired in detail. To help you focus, we've chosen a few of the most important issues here.

Personal Data Rights

The main emphasis of GDPR is on personal information. GDPR aims to protect personal data rights such as the right to be informed, the right of access, the right of rectification, the right to erasure (aka the right to be forgotten), the right to restrict processing, the right to data portability, the right to object and rights in relation to automated decision making and profiling. Organisations collecting, storing and processing personal data will have to obtain explicit, informed consent to do this from the individual, and every company needs to be able to demonstrate compliance with the guiding principles of the regulation.

Because people have the right to demand details regarding their data being stored, organisations will have to know which personal data is stored, where it is stored and for what purpose. The ability to find this data is thus crucial.

Ensure data protection by design

Key requirements for GDPR

- Consent for storage must be given by the data subject
- Consent must be explicit
- Each individual has “the right to be forgotten”
- Compliance must be demonstrated
- Notification of data breaches must be provided

Data privacy must be by design

Organisations wishing to store data must have explicit consent from the subject of the data. The reason for storing it must be transparent, and the data subject has the authority to block processing while concerns are dealt with, as well as to request the removal of the information from the system. Nothing says that data must be anonymised; the law is not that prescriptive, which is causing some confusion. However, the law does say that there must be documentation showing that data protection is by design and that processes comply with the rights of the data subject.

From 25th May 2018 the new law takes effect, with far-reaching consequences for any organisation storing personal data. Compliance will be non-negotiable and organisations that experience data security breaches will face fines.

Don't become a data target

The difficulties will start when someone requests to see where their personal data is being kept in an IT system. Let's complicate that; let's say your organisation receives ten requests or even 100 requests to locate sensitive, personal data. Imagine having to log into a number of SAP systems to download table entries or take screenshots to show the data subject's footprint. How many password resets will be required? Do you know all the places to look? And how long will this take?

Your challenges

  1. The complexity, volume and sheer scale of GDPR.
  2. Every GDPR compliance project is different, depending on the industry, existing IT systems, usages of data, etc.
  3. While the GDPR is comprehensive, there are many areas that are neither detailed nor prescriptive. It doesn't specifically tell organisations what to do. It is up to organisations to analyse their systems, processes and data and work out what to do for themselves.

How GDPR affects SAP systems

It's not easy for SAP systems to comply with the demands of GDPR because of their architecture. SAP stores information in an intricate and tangled way. Data is stored and replicated across the system in many places, such as customer master, business partner, change document tables, and so on. SAP is also highly configurable, so the way in which it is implemented dictates which tables and fields the data will be stored in. An additional complication is that there are often multiple copies of systems. The data might be in z-tables and the only way this can be verified is to get into that system.

Become the GDPR hero

We can give you the ammunition to get buy-in internally. Why not ask your boss or your boss's boss to come and see their own footprint report? "Did you know your home address is in our development system?"
We'll help you shine a light on the dark, dusty corners of your SAP system so they see exactly where the data resides across systems. We also offer guidance and best practice. The many and varied IT systems mean that a "one size fits all" approach is not possible, so let us share our expertise and experience to help you stay ahead of the game.

Introducing Data Disclose

Locate and display data across your SAP systems in seconds!
Data Disclose is a unique product from EPI-USE Labs that finds, retrieves and presents a data subject's footprint across SAP systems (as well as non-SAP systems, if integrated with the latter's API; this can be covered by EPI-USE Labs as part of their service).

It is able to do this in a matter of seconds across SAP ERP, CRM and BW systems. You have much more to take care of, so let EPI-USE Labs take this off your plate. The peace of mind Data Disclose brings is beyond value, especially when weighed up against the stringent requirements of the new laws.

EPI-USE Labs’ GDPR guidance

Right now we offer the following:

- Data Disclose
- Data Secure
- Knowledge and direction on where data is stored in SAP
- Understanding the affected data types
- Guidance on choices and processes to meet GDPR requirements
- Data removal services
- GDPR Awareness workshops

Don’t delay

“The time to repair the roof is while the sun is still shining.” – J.F. Kennedy

The deadline for compliance with GDPR is 25th May 2018.
The requirements of GDPR go to the very core of your IT systems, because they need to be built into the design. Between now and the 25th May is not a long time to undertake a project that will affect your CRM systems, your ERP systems and customer first line support. Whole new business processes will need to be put into place. Importantly, you will need an auditor to scrutinise your security arrangements, and the closer we get to the deadline, the less likely you are to find an auditor. Every organisation should be devising a plan to meet the requirements and should already be assigning key roles and responsibilities to that plan.

EPI-USE Labs will take the hassle out of GDPR. Our knowledge, experience, expertise and products will help you sleep peacefully at night in the knowledge that everything is under control. Contact us today.

 
