Data Redact.png Data Redact


    Data Redact is our unique Fiori app which has been specifically developed to address the Right to be Forgotten challenge. As part of our GDPR Compliance Suite for SAP, it quickly and seamlessly redacts field data without affecting referential integrity. This means the data can no longer be identified and linked to a specific individual, but business reporting and referential integrity are unaffected.

    By redacting fields which are sensitive, or can be used to identify the natural person, the rest of the data can be retained, which drastically lowers the impact on reporting and the risk of adverse effects on other business processes or other areas of SAP, such as related CRM systems.

    For many organisations the ability to enforce a retention period on data for ex-employees is very important, and typically driven by the same 'leave date' criteria. The Leaver Report in Redact allows Employees to be automatically selected for Redact submission, based on the number of days since they left the organisation.

    Tackling the Right to be Forgotten with Data Redact

    As the data is effectively removed for identification purposes, you can easily and cost-effectively comply with the legislation and the individual’s Right to be Forgotten when you see fit. Once a record has been redacted there is no link back to who the natural person was, and any field which in itself is also sensitive is also redacted. From that point onwards the record has been fully anonymised.

    The following three-step process is implemented:

    Submit data for redaction

    Records identified in Data Disclose, the Redact Leaver Report or Data Retain are submitted for redaction

    Execute redact

    A different user role is required to receive those submissions in Redact, review the information, and execute redaction in real time

    Retain an audit log

    An audit log is retained for a one-month period before being automatically removed

    Some existing SAP solutions attempt to address this challenge by blocking access for processing, or perpetual archiving, neither of which are ideal solutions in this scenario. 

    Business Benefits

    Article 17 of the GDPR dictates that individuals have the Right to Erasure (Right to be Forgotten); the right to have personal data erased and to prevent processing in some specific circumstances. Data Redact allows you to remove the sensitive or identifying data without removing the entire record. This makes the process simpler and less invasive. The data is effectively submitted for redaction so the data cannot be identified. Data Redact reactively addresses the Right to be Forgotten.

    For more information, please schedule a discovery session, watch our on-demand GDPR webinars or learn more about our GDPR consulting services.