JM adopts solutions to comply with GDPR

The challenges of protecting sensitive personal data

In 2015, JM was facing the challenge of protecting personal data integrity and avoiding General Data Protection Regulation (GDPR) penalties, in the following areas:

• Customer information and transactions
• Customer service
• Employee information
• Vendor relationships and transactions
• Marketing and communication

The team at JM decided to make some positive changes to comply with GDPR, notably:

• focus on business owners instead of IT systems
• fund improvements to information security
• provide helpful software tools
• make the improvement project a top priority for everyone.

Solutions to manage and redact personal data

JM selected Object Sync™ and Data Secure™, part of the Data Sync Manager™ (DSM) suite, to copy and scramble subsets of data for testing and training purposes. By reducing their data footprint in non-production environments, they can remove personal data from their test environments. Additionally, for GDPR compliance it is important to show data protection by design and by default. By using DSM for refreshing data in the non-production system, JM can demonstrate this principle.

JM now also uses Data Disclose™, Data Redact™ and Data Retain™, part of the Data Privacy suite. Data Disclose is used for Subject Access Requests (to comply with GDPR Article 15). The JM team is able to search their SAP systems, and provide a branded PDF document detailing the individual’s data stored in their systems. Data Redact, which is used to redact the data that identifies an individual (to comply with GDPR Article 17 and the right to erasure), allows JM to respond to any removal requests. It also enables JM to redact any personal data in their SAP systems that falls outside their data retention policies, regularly and proactively.

JM partnered with EPI-USE Labs to be a ramp-up client for Data Retain, which provides a visual UI for configuring and running retention rules, and submissions to Data Redact for keys that are due for redaction.

EPI-USE Labs was also able to assist with the initial mass clean-up across several data sets, including Customers, Vendors, Employees and Accounting Documents, using their System Landscape Optimisation capabilities.

Ongoing compliance with GDPR

JM has been able to use EPI-USE Labs’ solutions to support their business processes and comply with GDPR demands in areas where data was at risk, and within a short timeframe:

• A proactive approach removes sensitive data automatically, as soon as it is outside its retention period.
• Test systems no longer contain sensitive data, lowering the risk of breaches by internal users or partners accessing non-production environments.

JM’s next step in their GDPR journey is to implement information security routines in operations. Working with EPI-USE Labs, they plan to set up retention programmes in their SAP systems.

About JM

JM is one of the leading developers of housing and residential areas in the Nordic region. Operations cover production of new homes, with a focus on expanding metropolitan areas and university towns in Sweden, Norway and Finland.