Let's Talk Data Security

Shared by our experts

Protecting consumers: why is GDPR so important?

Jan 9, 2018 6:30:08 AM

Over the festive period, I’ve spent far more time in shops and watching telly than I normally would (and probably should). A couple of things jumped out at me which made me realise the importance of protecting our personal preferences and choices. This may sound like ‘bah humbug’ ranting – but it will come to a point, I promise.

Three ways to protect your SAP data from cyber criminals

Dec 15, 2017 1:43:20 AM

Reduce your attack surface
Security budgets have tripled in the past few years. Yet this is not enough to prevent data breaches. In 2016 alone, over 2 billion records were stolen; hacking expertise is escalating, and there are threats everywhere.  
 

GDPR: the Data Adequacy and Data Minimisation principle

Nov 23, 2017 6:16:57 AM

The Data Protection Act (current law) requires companies to ensure that they only collect the personal data they need for the purposes they have specified. They are also required to ensure that the personal data they collect is sufficient for the purpose for which it was collected.


Retention period: A minimum or a maximum?

Nov 3, 2017 12:33:38 PM


GDPR: are retention periods being considered a minimum or a maximum?

I’ve recently been in several meetings where a Data Protection Officer (DPO) or internal legal advisor has been discussing GDPR with IT team members. Interesting to see people with very different backgrounds and responsibilities discussing the various challenges of GDPR they are facing jointly. Several of the DPOs were keen to stress that a lot of the elements affected by GDPR are already in force as a result of existing country legislation created to comply with  the 1995 Data Protection Directive. For them, GDPR was in many ways welcome, because it’s ensuring that organisations take their obligations very seriously - even if those obligations are already there now, but have perhaps been overlooked.


Ready for GDPR: Non-Production Data Security

Aug 9, 2017 11:21:23 AM

My previous post explains how with the use of Data Sync Manager (DSM) and EPI-USE Labs you can ensure that the Data held in your non-production environments is proportional to its use, and therefore more compliant with Article 5 of GDPR. Of course, being proportionate is not the only method required to prove your compliance with GDPR; you can also consider obfuscating sensitive data. EPI-USE Labs is ready to assist here too.

From my research, Article 89 of GDPR deals with data security; this is a far-reaching topic, and rather than moving into network and security again, I’d like to focus on the SAP data and landscape.


Ready for GDPR: Proportional data usage

Jul 26, 2017 7:15:47 AM

As per my previous post, the deadline for GDPR compliance is looming - and it will affect any company which holds data for a European Union citizen. In this post, I highlight how EPI-USE Labs can help you prepare your non-productive SAP landscape to hold only a “proportional amount of data” for the use case of each system.

What is proportional data?

Under GDPR, a clear use case for the processing of data will be required. In its simplest form, the use case for production would be that real customer data needs to be maintained in order to service that customer.


GDPR in SAP: Redact rather than Archive?

Jul 13, 2017 10:02:00 AM

How widely will companies provide the Right to be Forgotten? Will this be commonplace in SAP systems? Will companies decide to delete data in SAP anyway, simply to lessen their liability?

This is clearly a story still unfolding. SAP by its very nature doesn’t make deletion of data easy. The data and processes of different departments are so intertwined that there are dependencies everywhere.


The Road to Data Protection and GDPR

Jun 29, 2017 8:58:13 AM

I have worked in the UK utilities industry for the last 15 years, and I've spent the last ten years using SAP in this industry. For the last year I have worked with EPI-USE Labs in SAP Data and Landscape Management. This is a highly complex industry where vast amounts of personal data have to be stored in order to service the customer effectively, but with this amount of data also comes a strong focus on Data Protection Compliance. Over the next year, we are going to see a large change in the requirements for compliance as the General Data Protection Regulation (GDPR) comes into force on 25 May 2018. There is a lot of information available on GDPR, and as mentioned I am not a lawyer or process expert in your business, so I’m not going to promise you the golden bullet to compliance.


GDPR: When is the Right to be Forgotten applicable?

May 25, 2017 11:26:00 AM

I’m watching a wonderful programme at the moment where the opening credits state ‘This is a true story’; then the word ‘true’ disappears a few seconds before the others. Then it follows with something along the lines of ‘the story not being changed to honour the victims, but the names have been changed to protect the innocent’. Strange how the core subject of my days at the moment has morphed into my evenings as well.


GDPR: almost a year to go. What are people aiming for?

May 11, 2017 12:49:00 PM

In my last blog, I wrote about the GDPR compliance projects sprouting up at most companies. We seem to have moved past confusion around whether GDPR will apply after Brexit (the Information Commissioners Office (ICO) has been very clear on this). I’ve even seen a surge in GDPR interest from the US, although at this stage I would say that is about where Europe was in 2016, so I would expect the subject to really gain traction there in 2018.