20220727 JM Success Story_banner image

JM adopts solutions to comply with GDPR

Nordic company JM adopts EPI-USE Labs’ Data Sync Manager and Data Privacy Suite to develop an efficient programme to scramble and redact sensitive data in their SAP systems, for complying with GDPR regulations.

Effective business processes to comply with GDPR

Automatic removal of sensitive data outside retention period

Reduced risk: test systems
no longer have sensitive data

The key thing here has been that we can keep all our data but remove all the sensitive parts of it. The EPI-USE Labs solutions have brought us great benefits.

Richard Wenell
Head of IT department, JM

About JM

JM is one of the leading developers of housing and residential areas in the Nordic region. Operations cover production of new homes, with a focus on expanding metropolitan areas and university towns in Sweden, Norway and Finland.

Data Sync Manager demo    Data Privacy demo      DOWNLOAD SUCCESS STORY

The challenges of protecting sensitive personal data

In 2015, JM was facing the challenge of protecting personal data integrity and avoiding General Data Protection Regulation (GDPR) penalties, in the following areas:

JM-SS-infographic-EN-3

 

The team at JM decided to make some positive changes to comply with GDPR, notably:

  • focus on business owners instead of IT systems
  • fund improvements to information security
  • provide helpful software tools
  • make the improvement project a top priority for everyone.

We involved EPI-USE Labs early in the project, developing requirements and specifications interactively.

Richard Wenell
Head of IT department, JM

Solutions to manage and redact personal data

JM selected Object Sync™ and Data Secure™, part of the Data Sync Manager™ (DSM) suite, to copy and scramble subsets of data for testing and training purposes. By reducing their data footprint in non-production environments, they can remove personal data from their test environments. Additionally, for GDPR compliance it is important to show data protection by design and by default. By using DSM for refreshing data in the non-production system, JM can demonstrate this principle.

JM now also uses Data Disclose™, Data Redact™ and Data Retain™, part of the Data Privacy suite. Data Disclose is used for Subject Access Requests (to comply with GDPR Article 15). The JM team is able to search their SAP systems, and provide a branded PDF document detailing the individual’s data stored in their systems. Data Redact, which is used to redact the data that identifies an individual (to comply with GDPR Article 17 and the right to erasure), allows JM to respond to any removal requests. It also enables JM to redact any personal data in their SAP systems that falls outside their data retention policies, regularly and proactively.

JM partnered with EPI-USE Labs to be a ramp-up client for Data Retain, which provides a visual UI for configuring and running retention rules, and submissions to Data Redact for keys that are due for redaction.

EPI-USE Labs was also able to assist with the initial mass clean-up across several data sets, including Customers, Vendors, Employees and Accounting Documents, using their System Landscape Optimisation capabilities.

Our business transactions can span over a long time – some over 30 years – and we wanted to keep the data, while removing the sensitive parts we didn’t need. EPI-USE Labs’ Data Privacy suite allowed us to do this.

Richard Wenell
Head of IT department, JM

Ongoing compliance with GDPR

JM has been able to use EPI-USE Labs’ solutions to support their business processes and comply with GDPR demands in areas where data was at risk, and within a short timeframe:

  • A proactive approach removes sensitive data automatically, as soon as it is outside its retention period.
  • Test systems no longer contain sensitive data, lowering the risk of breaches by internal users or partners accessing non-production environments.

JM’s next step in their GDPR journey is to implement information security routines in operations. Working with EPI-USE Labs, they plan to set up retention programmes in their SAP systems.

Data Sync Manager demo    Data Privacy demo      DOWNLOAD SUCCESS STORY

With the EPI-USE Labs’ approach, we can anonymise and redact sensitive data rather than archive, meaning business transactions may stay in the system without being related to an identifiable individual. Now, when starting projects we have frameworks for how to do information sensitivity and risk analyses, and from there come the requirements on the IT side, including the sensitivity of data – the complete information security perspective.

Richard Wenell
Head of IT department, JM

GDPR compliance success stories

Service Provider Success-Story

Global Service Provider

View Success Story

MAPA_SS_NL

MAPA GmbH

View Success Story

Copenhagen

VELUX group

View Success Story