Responses to FAQs: Data Privacy Suite for SAP solutions

Our innovative data privacy and compliance solution helps companies with SAP® systems comply with legislation like GDPR (the General Data Protection Regulation) and other data privacy legislation. The Data Privacy Suite is made up of four complementary products that can be used in conjunction with each other or independently: Data Secure, Data Disclose, Data Redact and Data Retain.

Questions? Have a look at these responses to queries from our clients. Learn more about the Data Privacy Suite, and get in touch if you have any other queries – we'll be happy to help!

 
Does Data Secure anonymize data in flight as part of a Data Sync Manager (DSM) client copy?

Yes. With Data Sync Manager 5, Data Secure has been fully integrated into Client Sync and Object Sync, and it also allows in-place object masking and in-place client masking to happen automatically and before the data leaves production. This means the policies put in place will always be adhered to, no matter how the data reaches the test system. Great information to share with an auditor!

Can I connect non-SAP systems to Data Secure?

Yes, there are several ways a non-SAP system can be connected to Data Secure to carry out masking outside of SAP systems. Depending on the non-SAP platform, EPI-USE Labs can provide options for how best to extend the masking scope. This can be done by your company using APIs, or EPI-USE Labs can provide services to assist.

Can Data Secure scramble data in a QA client that was not created by DSM?

Absolutely. Data Secure can also run as an in-place solution, which means it can perform a mass operation on any client, regardless of how it was created. Data Secure has been optimised for high performance.

Is it possible to define custom rules in Data Secure?

Custom rules can be created quickly and easily using delivered transformation functions, or you can create your own functions using the highly intuitive Labscript formula language, cutting out the need for custom ABAP code. Custom rules can also be shared with other community users on Client Central.

Will Data Secure maintain the field integrity after anonymisation of the SAP non-production data?

Yes, Data Secure leverages EPI-USE Labs’ leading Intellectual Property (IP) built over the last twenty years, which has mapped the SAP data model. Leveraging this powerful semantic model, the solution can maintain field and data integrity across systems and applications. It also provides pre-delivered iMaps and rules for an accelerated implementation that allows for consistent scrambling of data in the non-production systems.

For example, if you have a customer record that you anonymise with Data Secure, all the values will be consistently changed to a new value that does not contain Personally Identifiable Information (PII).

Will Data Secure store data outside SAP?

No, as an SAP-certified Add-on solution, Data Secure is installed directly to your SAP environment via a transport. No data is held outside SAP.

If data is anonymized between SAP applications, will Data Secure provide differential integrity of field data?

Yes, for most SAP customers, the SAP ERP system is just part of their environment. They also have CRM, SRM, and sometimes non-SAP systems or cloud systems. And when setting up test data, they need to make sure that the data is consistent across all of those test environments using the same masked values for the same people. That's why Data Secure allows you to do consistent masking and distribute it across the different SAP environments, but also beyond into non-SAP and cloud systems, ensuring that testing is accurate, but without using real personal data.

Does Data Secure require installing on an external server?

No. As an SAP-certified add-on installed directly to your SAP environment, Data Secure requires no additional hardware or servers. Transports are made available on our support portal and applied directly to your SAP environment.

Does the solution provide a GUI for users to execute obfuscation?

Yes, Data Secure is a mature SAP add-on solution that is installed in your SAP landscape via an SAP transport and executed through a user-friendly SAP GUI interface. The interface guides the user to execute and monitor all obfuscation runs. Access to the functionality is granted via SAP authorisations.

Is the solution certified by SAP to operate with/within SAP-established API regulations?

Yes, Data Secure is part of the Data Sync Manager Suite, which is SAP Certified.

Are there any size restrictions we need to consider when implementing Data Secure? How scalable is Data Secure long-term?

Data Secure does not impose a limit when it comes to size. We have not received any reports of scaling issues to date. We have some clients that have recorded scrambling 80TB of data. As data is processed within the ABAP stack on the DB, no limiters are in place. Data Secure is a solution that will scale with your business.

What is the primary bottleneck to delivering performance with Data Secure?

Data Secure runs without issues at many SAP customers globally. If you do run into issues, they can normally be put down to a combination of infrastructure restrictions, including the number of processors, disk I/O limitations, the number of BTC processes available and supported, and potentially specific indexes required for integration of data. During implementation, EPI-USE Labs will help set up the system so that you can run it yourself afterwards and make sure you are aware of any considerations. If you still experience performance bottlenecks, contact us via Client Central for support.

What is the cost of Data Secure?

The cost of Data Secure is based on production system size. It is a subscription software license paid annually in advance. If you are interested in learning more about the cost, EPI-USE Labs will assign an Account Executive to your account who can provide you with a detailed cost breakdown.

Is Data Secure compatible with SAP ECC and SAP S/4HANA, and does it work seamlessly on SAP Private Cloud and with the SAP RISE journey?

Yes, Data Secure works on both ECC and SAP S/4HANA. Data Secure is part of the Data Sync Manager (DSM) suite that has held multiple certifications with SAP since 2012.

Does Data Disclose only work with SAP systems?

No. While it is built for the SAP environment (including SAP ERP, CRM, SRM, BW, and any other ABAP-stack systems), Data Disclose can also search across non-SAP systems if they are integrated via API. This allows you to have a complete report of a person's data footprint. 

How quickly can Data Disclose retrieve a subject’s data footprint?

Data Disclose is engineered for speed, and is capable of finding, retrieving, and presenting a subject's data footprint in seconds across complex, highly configurable SAP systems. The landscape size and complexity will determine the total speed.

In what format is the requested personal data presented to the organization or data subject?

Data Disclose will display the initial search results in the SAP system in a table format. You can then save the data in an encrypted, company-branded PDF, ensuring the security and integrity of the sensitive information disclosed. You can include descriptions, by system, of how the data is used, to provide clear evidence of why you are storing the data in that system. 

Does Data Disclose make use of any other EPI-USE Labs' technology?

Yes, Data Disclose leverages the same semantic model that other EPI-USE Labs solutions use, such as Data Sync Manager (DSM) and Data Secure. This is the foundation for mapping your complete data footprint across your SAP landscape. 

How does Data Disclose handle the complexity of data storage within SAP?

SAP systems store data in an intricate way, often with data replicated across many different places. The proprietary technology used for Data Disclose is specifically designed to navigate this complexity, ensuring all instances of the data subject's information are located across the system.

Is Data Disclose a service or a software application?

Data Disclose is a unique software application (SAP third-party solution) that organizations can deploy to locate and display data themselves. EPI-USE Labs also offers a range of SAP data privacy services. For example, if you would like to do an in-depth assessment of where you have Personally Identifiable Information (PII) data in the system, EPI-USE Labs can provide a service to find, map and explain how your customizations have impacted your privacy posture.

 

Which specific GDPR right does Data Redact primarily address?

Data Redact is specifically developed to address an individual's Right to Erasure, commonly known as the Right to be Forgotten (GDPR Article 17). It achieves this by anonymizing personal data to prevent processing and identification. This has been accepted by GDPR enforcers as a sufficient method to comply with GDPR regulations. The benefit of this method is that it keeps the data integrity for long-term reporting, while adhering to the data subject's Right to be Forgotten. 

How does Data Redact maintain data integrity within SAP after a redaction operation?

A core feature of Data Redact is its ability to redact field data without affecting referential integrity. The solution ensures that while the sensitive data is anonymized, the remaining data structure and links for business reporting and related processes remain intact.

By redacting only the sensitive fields, the rest of the data can be retained. This approach drastically lowers the impact on historical reporting and minimizes the risk of adverse effects on interconnected business processes or related SAP/CRM systems.

What is the technical mechanism by which Data Redact anonymizes the data?

Data Redact replaces the sensitive or identifying field values with non-sensitive or non-identifying values. This process effectively anonymizes the record, eliminating the link back to the natural person without requiring the physical removal of the data record itself.

Does Data Redact offer functionality for managing data retention periods for former employees?

Yes. Data Redact includes a Leaver Report feature that allows organizations to automatically select ex-employees for redaction submission based on a defined retention period (e.g., number of days) since their departure date.

How does Data Redact compare to standard SAP solutions for addressing the Right to be Forgotten?

Data Redact provides a more targeted and less invasive solution compared to some existing SAP methods, e.g. perpetual archiving, deletion, or simply blocking access. Data Redact's implementation tends to be shorter and more cost-effective because it is more targeted than, for example, SAP ILM.

Can Data Redact be used to comply with data privacy legislation outside of GDPR?

Yes. While specifically developed with GDPR in mind, Data Redact's functionality for redacting and anonymizing sensitive data is applicable to, and helps organizations comply with, other global data privacy regulations that mandate similar Right to Erasure requirements. 

 

After redaction, is it possible to reverse the process and identify the individual?

No. Once a record has been fully redacted, it is fully anonymized, and there is no longer a link back to the original natural person, ensuring permanent compliance with the Right to be Forgotten. 

What is the primary purpose of EPI-USE Labs' Data Retain?

Data Retain is a component of the Data Privacy Suite for SAP solutions that enables organizations to proactively manage data retention policies by using flexible, pre-determined business rules to identify data subjects that are due for redaction. 

How do Data Retain and Data Redact relate to the Right to Erasure?

While Data Redact performs the redaction itself, Data Retain proactively identifies the data subjects whose retention period has expired, allowing organizations to get ahead of erasure requests and establish a standard, ongoing policy response to the Right to Erasure. 

Is Data Retain an automated or manual process?

Data Retain operates on a periodic, automated basis determined by the organization's business requirements. It applies configured rules to the data landscape to automatically identify the sets of data now due for redaction. These retention rules are highly configurable to suit your organisation's policies.

What is the advantage of using Data Retain for compliance management?

Data Retain shifts data privacy compliance from a reactive, request-driven process to a proactive, rule-based approach. This demonstrates an ongoing commitment to compliance, and minimizes the organizational burden of managing individual erasure requests as they arrive.

Can Data Retain apply different retention policies to different types of data subjects (e.g., customers vs. employees)?

Yes. Data Retain's highly configurable rule engine allows for the application of distinct retention periods for many different data types and categories of data subjects, accommodating varying regulatory and statutory hold requirements.

Does Data Retain handle the physical deletion of data?

Data Retain is the policy enforcement and identification engine. While it identifies the data that must be addressed, the subsequent action – whether it is redaction (via Data Redact) or mass data removal (via related EPI-USE Labs services) – is handled by other tools or processes by EPI-USE Labs. 
