Comply with data privacy legislation: 
Data Privacy Suite for SAP solutions

Our innovative data privacy and compliance solution helps companies with SAP® systems comply with legislation like
GDPR (the General Data Protection Regulation) and other data privacy legislation. 

   GET ASSESSMENT   WEBINAR: DATA PRIVACY IN SAP

global_privacy_laws_map_animation_website_loop_08_29_23_001_iteration_1

In accordance with latest information available as of September 2023

The global privacy landscape is changing rapidly, in line with how data is used and shared in our modern world. Across all recent (and forthcoming) privacy acts/regulations, there are consistent rules dealing with:

  • A data subject’s right to access the information you hold
  • A data subject’s right to request removal and/or correction of the data held
  • The need for proactive management of Personally Identifiable Information (PII)
  • Informed and explicit consent from data subjects on how their data is being used.

These changes are complex for any company using larger ERP platforms like SAP, because of the integrated data model used to provide ERP solutions. As experts in the SAP data model, we provide targeted solutions for the challenges faced in complying with data privacy laws.

What are your challenges in SAP data privacy and security?

  • Increase data privacy compliance in SAP
  • Respond to the Right to Access/Removal in Production systems
  • Scramble data in non-production systems
  • Improve and understand your data privacy and security risks
  • Drive business-centric GRC for SAP

Increase data privacy compliance in SAP

How can you increase data privacy compliance in SAP?

The aim of any privacy project is to increase compliance with the required data privacy laws within the company’s jurisdiction. And SAP’s structure makes addressing data privacy compliance particularly tricky. One of the most compelling reasons for data privacy compliance is the enforcement fines; the new laws provide for high financial sanctions to be applied by legal bodies. 

We have been implementing privacy projects around the globe in multiple industries for over 20 years, and have identified essential steps in a common project approach:

  • Identify your risks: Impact and risk assessment
  • Find and map your PII
  • Review access Risk and Controls
  • Clean up the backlog in Production
  • Manage PII in Production copies
  • Handle Data Subject Access Requests (DSARs)
  • Process individual requests for removal
  • Proactive identification of Data Subjects
  • Ongoing audit and review

Respond to the Right to Access/Removal in Production systems

Respond to the Right to Access/Removal in Production systems

Whether you’re adhering to PDPA in Thailand, one of the state laws in the USA, or GDPR in Europe, you are required to provide a response to the Right to Access and deletion of personal data from your environment.

The Right to Removal does not overrule any of your other legal and compliance requirements, such as keeping records for tax audit. You now need to find a way to validate if data is required for any other legal reason, and if not, remove sensitive data from your system.

SAP presents a challenge in data removal; as a relational database, the sensitive data is intrinsically linked with your business transactions. So traditional ways of archiving or deleting mean you need to remove your transactions and master data completely.

EPI-USE Labs provides an alternative in Data Redact, removing the PII from records but leaving the referential integrity of the solution. And Data Disclose provides effective PII mapping in a PDF output, allowing an efficient process to respond to the Right to Access.

Scramble data in non-production systems

Scramble data in non-production systems

Every business needs to test their processes, whether it’s the annual payroll taxation updates, service pack upgrade or new customizations. You don’t want to find out you have an issue with the new processes in Production; so most businesses will take a copy of their Production systems and create test environments.

The number of testing environments varies depending on the business, but a typical set-up would be to have

  • Development with limited to no real data
  • Quality a reduced data copy from Production
  • Pre-production a full copy of the Production database.

The new privacy laws state that you must have informed and explicit consent for the use of the data relating to data subjects. In our experience, most businesses do not have this consent for using data for testing purposes. Even if you did have a consent process there is an additional challenge in understanding what to do for a no-consent response from a data subject.

We recommend data anonymisation with Data Secure, providing direct in-place data anonymisation, or the ability to scramble on exit when linked with Client Sync, part of the Data Sync Manager Suite.

Improve and understand your data privacy and security risks

Improve and understand your data privacy and security risks

To solve a problem, you first need to understand the problem. For both data privacy and security, you need to understand the risks you hold in your business process and your IT estate.

Consider your business processes and security risks. For example, do your front office or HR colleagues take notes during calls? If so, what is the security process for those notes? Are you following best practice for data security throughout your business? 

Regarding your IT estate, three primary considerations are:

  • External threat: Network and infrastructure security such as firewalls or VPN protection.
  • Internal threat: The risk of access to data in the network / SAP system.
  • Compliance risk: Where is your PII and how is it being managed?
Our comprehensive SAP data privacy assessment service provides transparency about the Internal and Compliance risks for your business.

Drive business-centric GRC for SAP

Drive business-centric GRC for SAP

Governance, Risk and Compliance (GRC) solutions take many aspects of access risk into account. We are partnered with Soterion, offering a fast, efficient analysis of your GRC risks with standard delivered rulesets to cover:

  • Segregation of Duties (SoD)
  • Privacy: users accessing sensitive data
  • Cross-jurisdictional data access
  • Critical transaction risk.

These solutions can integrate between SAP and cloud applications (such as SAP SuccessFactors) to provide a holistic view of your access risk.

Soterion also offers assessment of your system licences, firefighter access processes and more.

Find and map your sensitive SAP data and benchmark your access risks

Understand, identify and map your Personally Identifiable Information (PII) with EPI-USE Labs’ SAP data privacy assessment service.

GET ASSESSMENT     read more

Data Privacy Suite for SAP solutions

Our Data Privacy Suite for SAP solutions leverages our industry-leading Data Sync Manager™ Suite which offers a semantic understanding of your SAP environment and provides data sub-setting and secure rule-based masking capabilities. Data Disclose, Data Redact and Data Retain are built on a solid foundation of existing technology and Intellectual Property to help you comply with global data privacy legislation like GDPR, CCPA and POPIA. 


Learn about Data Secure
Learn about Data Disclose
Learn about Data Redact
Learn about Data Retain

How to comply with data privacy laws in SAP

SAP is one of the most robust systems in the world, but also one of the most complex, as SAP has purchased and integrated many diverse components and solutions over the years. SAP’s structure makes addressing data privacy compliance particularly tricky. Detailed domain knowledge is required to map and understand the cross-functional integration of multiple SAP objects and systems.

EPI-USE Labs has been an SAP partner for over 30 years, and has an in-depth understanding of how SAP data is structured. We have developed detailed knowledge of the different versions of SAP, including their uses and intricacies, and our integrity mapping is defined both on the individual field level and between systems. Since 2000, we have helped our clients comply with data privacy laws, scrambling non-production data copied out of Production systems. We also address the de-sensitisation of data in Production with our redaction technology.

Our Data Privacy Suite for SAP solutions leverages our industry-leading Data Sync Manager™ Suite, which is certified by SAP for 'Integration with SAP S/4HANA®' and 'Integration with SAP S/4HANA Cloud®'.  Our global Professional Services team has certifications in CISSP, CIPPT and CIPPM. Combined with extensive project experience across multiple countries and industries, we can give you expert guidance on your data privacy challenges.

Why not get a free assessment on your data today?

sap-s4-hana-certified
SAP_Certi_Integration_SAPS4HANA_Cloud_R
sap-certified-powered-by-netweaver

 

Explore case studies from satisfied clients

JM adopts solutions to comply with GDPR

Nordic company JM adopts EPI-USE Labs’ Data Sync Manager and Data Privacy Suite to develop an efficient programme to scramble and redact sensitive data in their SAP systems, for complying with GDPR regulations.

Learn more

MAPA (including BILLY BOY): 

Customized protection for sensitive SAP HCM data. “Data Secure anonymizes our SAP test data quickly and easily”

Learn more

Keeping law and order in Avon and Somerset Constabulary’s data

"We enjoy working with EPI-USE Labs as they are responsive to our requests. They have brought us invaluable guidance."

Learn more

Rabobank banks on DSM for regulation compliance

"In addition to the key scrambling requirement, using Data Sync Manager has resulted in a disk space saving of 5TB in total, and we also save more than ten hours per refresh."

Learn more

Find out how you can become compliant with data privacy laws.