Data Redact is our unique Fiori app which has been specifically developed to address the Right to be Forgotten challenge. As part of our GDPR Compliance Suite for SAP, it quickly and seamlessly redacts field data without affecting referential integrity. This means the data can no longer be identified and linked to a specific individual, but business reporting and referential integrity are unaffected.
Instantly search a SAP landscape to locate, retrieve and present a subject’s data footprint with an encrypted pdf download.BENEFITS
Automated. Fast. Searches all ABAP stack systems (ERP, CRM, SRM, BW etc), including non-SAP systems integrated with the product’s APIs
Proactively finds data subjects for redaction based on flexible rules. Executed ad-hoc or scheduled to automatically run periodically.BENEFITS
Display an ongoing commitment to compliance and leverage retention periods for different data types. Get ahead of erasure requests with a standard policy response.
Sensitive or identifying fields are altered, or cleared, without removing the whole record. Referential integrity is not at risk.BENEFITS
Reporting of non-sensitive data is unaffected, e.g. geographical or gender statistics. Costly archiving projects or custom deletion solutions are avoided.
By redacting fields which are sensitive, or can be used to identify the natural person, the rest of the data can be retained which drastically lowers the impact on reporting and the risk of adverse effects on other business processes or other areas of SAP, such as related CRM systems.
Tackling the Right to be Forgotten with Data Redact
As the data is effectively removed for identification purposes, you can easily and cost-effectively comply with the legislation and the individual’s Right to be Forgotten when you see fit. Once a record has been redacted there is no link back to who the natural person was, and any field which in itself is also sensitive is also redacted. From that point onwards the record has been fully anonymised.
The following three-step process is implemented:
Submit data for redaction
Records identified in Data Disclose or Data Retain are submitted for redaction
A different user role is required to receive those submissions in Redact, review the information, and execute redaction in real time
Retain an audit log
An audit log is retained for a one-month period before being automatically removed
Some existing SAP solutions attempt to address this challenge by blocking access for processing, or perpetual archiving, neither of which are ideal solutions in this scenario - read more in our FAQ response.
Article 17 of the GDPR dictates that individuals have the Right to Erasure (Right to be Forgotten); the right to have personal data erased and to prevent processing in some specific circumstances. Data Redact allows you to remove the sensitive or identifying data without removing the entire record. This makes the process simpler and less invasive. The data is effectively submitted for redaction so the data cannot be identified. Data Redact reactively addresses the Right to be Forgotten.