Let's Talk Data Security

Shared by our experts

Approaching HCM data in the shadow of GDPR

Jul 11, 2018 1:09:40 PM

After my last piece about data removal, I’ve had a lot of conversations about HCM data removal, and so I decided to delve a little deeper into HCM data and what the GDPR may mean there.

Current, previous and potential future employee data is a really interesting area for data privacy.


Welcoming in the GDPR

May 25, 2018 12:30:00 AM

The end of the world as we know it...or not

So, I woke up this morning and still had two arms and legs, and a desperate need for a coffee. The world didn’t end (or if it did, you wouldn’t be reading this anyway so a small factual inaccuracy won’t matter). Things have changed – but I think it’s been a gradual shift of mindset and prioritisation of data privacy and all that surrounds it. With any gradual change, you have to take a step back to actually see how much things have changed.


Proactive removal of data - now and forever more

Apr 20, 2018 5:53:17 AM



The here and now

Time flies when you’re having fun! Since we started out on our little GDPR journey, developing software and services to help customers with some of the requirements, the data privacy landscape has changed immeasurably. At the beginning everyone questioned whether it could really go ahead in that form; business leaders and politicians complained that it was too harsh and would damage the economy. But as we draw close to the end of the sunset period there are almost daily reminders in the news about why GDPR is very much needed.


What does GDPR mean for global companies?

Mar 6, 2018 1:31:14 PM

Gartner predicts that by the end of 2018, more than 50 percent of companies affected by GDPR (the General Data Protection Regulation) will not be in full compliance with its requirements. Having been contacted recently by a number of global clients about GDPR, I’ve realized that there’s still a misconception that GDPR only applies to companies based in the UK or Europe.  


Protecting consumers: why is GDPR so important?

Jan 9, 2018 6:30:08 AM

Over the festive period, I’ve spent far more time in shops and watching telly than I normally would (and probably should). A couple of things jumped out at me which made me realise the importance of protecting our personal preferences and choices. This may sound like ‘bah humbug’ ranting – but it will come to a point, I promise.

Three ways to protect your SAP data from cyber criminals

Dec 15, 2017 1:43:20 AM

Reduce your attack surface
Security budgets have tripled in the past few years. Yet this is not enough to prevent data breaches. In 2016 alone, over 2 billion records were stolen; hacking expertise is escalating, and there are threats everywhere.  
 

GDPR: the Data Adequacy and Data Minimisation principle

Nov 23, 2017 6:16:57 AM

The Data Protection Act (current law) requires companies to ensure that they only collect the personal data they need for the purposes they have specified. They are also required to ensure that the personal data they collect is sufficient for the purpose for which it was collected.


Retention period: A minimum or a maximum?

Nov 3, 2017 12:33:38 PM


GDPR: are retention periods being considered a minimum or a maximum?

I’ve recently been in several meetings where a Data Protection Officer (DPO) or internal legal advisor has been discussing GDPR with IT team members. Interesting to see people with very different backgrounds and responsibilities discussing the various challenges of GDPR they are facing jointly. Several of the DPOs were keen to stress that a lot of the elements affected by GDPR are already in force as a result of existing country legislation created to comply with  the 1995 Data Protection Directive. For them, GDPR was in many ways welcome, because it’s ensuring that organisations take their obligations very seriously - even if those obligations are already there now, but have perhaps been overlooked.


Ready for GDPR: Non-Production Data Security

Aug 9, 2017 11:21:23 AM

My previous post explains how with the use of Data Sync Manager (DSM) and EPI-USE Labs you can ensure that the Data held in your non-production environments is proportional to its use, and therefore more compliant with Article 5 of GDPR. Of course, being proportionate is not the only method required to prove your compliance with GDPR; you can also consider obfuscating sensitive data. EPI-USE Labs is ready to assist here too.

From my research, Article 89 of GDPR deals with data security; this is a far-reaching topic, and rather than moving into network and security again, I’d like to focus on the SAP data and landscape.


Ready for GDPR: Proportional data usage

Jul 26, 2017 7:15:47 AM

As per my previous post, the deadline for GDPR compliance is looming - and it will affect any company which holds data for a European Union citizen. In this post, I highlight how EPI-USE Labs can help you prepare your non-productive SAP landscape to hold only a “proportional amount of data” for the use case of each system.

What is proportional data?

Under GDPR, a clear use case for the processing of data will be required. In its simplest form, the use case for production would be that real customer data needs to be maintained in order to service that customer.