Data Redact is our unique Fiori app which has been specifically developed to address the Right to be Forgotten challenge. As part of our GDPR Compliance Suite for SAP, it quickly and seamlessly redacts field data without affecting referential integrity. This means the data can no longer be identified and linked to a specific individual, but business reporting and referential integrity are unaffected.
Learn more about Data Disclose
Instantly search an SAP landscape to locate, retrieve and present a subject’s data footprint with an encrypted PDF download.BENEFITS
Automated. Fast. Searches all ABAP stack systems (ERP, CRM, SRM, BW etc), including non-SAP systems integrated with the product’s APIs
Learn more about Data Retain
Proactively finds data subjects for redaction based on flexible rules. Executed ad-hoc or scheduled to automatically run periodically.BENEFITS
Display an ongoing commitment to compliance and leverage retention periods for different data types. Get ahead of erasure requests with a standard policy response.
Learn more about Data Redact
Sensitive or identifying fields are altered, or cleared, without removing the whole record. Referential integrity is not at risk.BENEFITS
Reporting of non-sensitive data is unaffected, e.g. geographical or gender statistics. Costly archiving projects or custom deletion solutions are avoided.
By redacting fields which are sensitive, or can be used to identify the natural person, the rest of the data can be retained, which drastically lowers the impact on reporting and the risk of adverse effects on other business processes or other areas of SAP, such as related CRM systems.
For many organisations the ability to enforce a retention period on data for ex-employees is very important, and typically driven by the same 'leave date' criteria. The Leaver Report in Redact allows Employees to be automatically selected for Redact submission, based on the number of days since they left the organisation.
Tackling the Right to be Forgotten with Data Redact
As the data is effectively removed for identification purposes, you can easily and cost-effectively comply with the legislation and the individual’s Right to be Forgotten when you see fit. Once a record has been redacted there is no link back to who the natural person was, and any field which in itself is also sensitive is also redacted. From that point onwards the record has been fully anonymised.
The following three-step process is implemented:
Submit data for redaction
Records identified in Data Disclose, the Redact Leaver Report or Data Retain are submitted for redaction
A different user role is required to receive those submissions in Redact, review the information, and execute redaction in real time
Retain an audit log
An audit log is retained for a one-month period before being automatically removed
Some existing SAP solutions attempt to address this challenge by blocking access for processing, or perpetual archiving, neither of which are ideal solutions in this scenario.
Article 17 of the GDPR dictates that individuals have the Right to Erasure (Right to be Forgotten); the right to have personal data erased and to prevent processing in some specific circumstances. Data Redact allows you to remove the sensitive or identifying data without removing the entire record. This makes the process simpler and less invasive. The data is effectively submitted for redaction so the data cannot be identified. Data Redact reactively addresses the Right to be Forgotten.