Let's Talk Data Security

Shared by our experts
2 minute read

The CCPA is here, and your SAP system is not compliant. Now what?

Jan 22, 2020 4:01:17 AM

Since its hasty inception, the California Consumer Privacy Act (CCPA) has stirred up debate across the United States. As more states develop data privacy laws, many businesses struggle to comply with laws that often contradict each other. Read on to learn how the CCPA impacts you.

  1. The CCPA landed on 1 January 2020
  2. Am I supposed to comply?
  3. What can I do to comply with the CCPA?
    1. I have no data privacy program
    2. I am busy implementing a program in line with GDPR or other legislation
    3. I have a fully developed data privacy program
  4. Need some help?
  5. Disclaimer

2 minute read

Is S/4 your first major project since GDPR came into effect?

Nov 6, 2019 6:47:09 AM

All IT projects must have ‘privacy by design’, and S/4 is on everyone’s horizon

I was recently at SAP TechEd 2019 in Barcelona, and of course the message was very heavily ‘Cloud’ and S/4. It was interesting to see some detailed information about very large SAP environments that have now gone to S/4, and also noticeable how many people were present to hear about those. The tipping point seems to have been reached now, and an S/4 project is clearly planned by most SAP customers, if it isn’t already underway.

2 minute read

Date Scrambling on Infotype 41 Date Specifications

Oct 1, 2019 6:46:49 AM

Every implementation of our software can throw up unique test data masking requirements. In this blog, one of our senior consultants, Adan Willemse, explains how Infotype 41 data had to be accurately masked in the test system, without devaluing the quality of the test data. In years gone by, this would have had us reaching for the ABAP exit functionality to code a solution, but with Data Secure 3, powerful masking rules can be built by anyone with knowledge of the data model, without the need for programming skills.

- Paul Hammersley, VP of ALM Portfolio at EPI-USE Labs

Infotype 41 challenges

SAP HCM customers are familiar with the Infotype 41 Date Specifications screen that stores many of an employee's key dates. We have blogged about the challenges of working with this infotype in the past from a reporting standpoint (see this blog about Fixing duplicate line reporting in SAP HCM).

3 minute read

The future of the CCPA: What about a Federal law?

Sep 27, 2019 6:16:55 AM

This blog discusses the potential issues around implementing CCPA compliance if a superseding federal law is enacted. It covers:

5 minute read

What's popping with POPIA?

Sep 18, 2019 6:26:02 AM

In this blog post, we provide a quick overview of the POPI Act, how it differs from GDPR, and practical steps you can take towards POPI compliance, specifically for SAP systems.

2 minute read

SAP data redaction for GDPR: it’s scary!

Aug 7, 2019 1:57:10 PM

Controlling the risk

As we all know now, GDPR (the General Data Privacy Regulation) has brought in the requirement that every company has to be able to remove data both proactively, against retention criteria, and reactively, in response to an individual’s request, where no legal reason to hold the data remains. Similar requirements are apparent in other global data privacy legislation. For the last two years, I have been running implementations throughout Europe of the EPI-USE Labs’ solution to this challenge.

2 minute read

A stark reminder of the rules: BA faces eye-watering GDPR fine

Jul 8, 2019 8:43:17 AM


British Airways given £183 million fine for data breach – the first public GDPR fine in the UK

In the sunrise period for GDPR (the General Data Protection Regulation), it was a hot topic not just in the industry, but temporarily in the mainstream media as well. People with no interest in IT, never mind data security, were aware of the law and interested to see what was going to happen. A bit like how we all become tennis aficionados for two weeks during Wimbledon. Since then, with (relatively speaking) small fines being issued which occurred under the old laws, the subject had left the mainstream again until today, with the news that the Information Commissioner's Office (ICO) has handed down a fine of £183 million to British Airways (BA).

2 minute read

It’s a tricky balance: what CAN and MAY you test?

Jul 1, 2019 4:54:42 AM

You MAY not do testing with personal data...and many people say they CAN not do testing with anonymised data. But there is a balance between the two; you are both allowed to and able to do testing with data which is both realistic and scrambled.

The General Data Protection Regulation (GDPR) that came into effect in May 2018 has changed the world’s view on data privacy. Every organisation that is either doing business with European Union citizens, or based within the EU, has spent many hours on the topic. It has changed the way we think about and act on personal data, from both a personal and business view.

2 minute read

Data Processing Agreements for SAP are changing. Don’t be caught out.

Jan 14, 2019 7:03:24 AM

Are you compliant with the terms of your SAP support contract?

One of my colleagues shared with me an excerpt from the SAP Cloud Services Data Processing Agreement (DPA), which states, “This DPA does not apply to non-production environments of the Cloud Service if such environments are made available by SAP, and Customer shall not store Personal Data in such environments.”

I decided to also look at some of the other SAP data processing agreements, and found similar language in their support and professional services DPAs: “Customer shall not grant SAP access to Licensee systems or personal information (of Customer or any third party) unless such access is essential for the performance of SAP Services. Customer shall not store any Personal Data in non-production environments.”

SAP customers have recently been receiving emails highlighting these changes to terms and conditions, requiring customers to take action very soon.

1 minute read

The SAP GDPR Journey: Next stop… Brexit

Jan 11, 2019 10:15:10 AM

The news in Europe is abuzz with Brexit and the many complexities around it. One of the many questions companies are considering is how compliance with GDPR is affected by Brexit...