Five things you need to do now to ensure your SAP systems meet the GDPR personal data regulations.
The GDPR has huge impact on SAP systems, where a large amount of sensitive and GDPR personal data are stored. For example, just think about all GDPR personal data of your employees, customers, and vendors that are spread all over your various SAP and non-SAP landscapes.
Here are five things you need to do now to protect your GDPR personal data and to ensure your SAP systems meet the General Data Protection Regulation:
- SAP has already warned that companies will have to carry out Data Protection Impact Assessments (DPIAs) as a part of their overall risk management strategy. Schedule your first DPIA here.
- A step in our one-day workshops is to review your SAP system landscape and map all the places that GDPR personal data is stored. For example, Personnel: ECC – HR / SuccessFactors / FieldGlass Customer: ECC – SD + FI-CO / CRM / Hybris Reporting: BW.
- Let us educate you on the SAP GRC (Governance, Risk, and Compliance) application. Most of these SAP applications’ security and risk can be managed with GRC.
- SAP is already working on enabling its platform for GDPR. For instance, removal of GDPR Personal Data is already supported in some areas of ECC EhP8, GRC, CRM, HCM, PLM, SCM, etc. Let us share with you how Information Lifecycle Management in SAP can expedite your GDPR compliance with its event deletion and expiration deletion features. We have pre-built templates that will make this process smoother.
- Anonymize your non-production systems and psuedonymize your production data, including your Analytics systems that have GDPR personal data. TDA is an engine that works with your SAP systems on this process to protect this GDPR personal data. Subscribe today here.
- Try our GDPR personal data search tool. Sophia is a new technology that runs across SAP and non-SAP landscapes and provides reporting about what GDPR personal data is stored where. This tool provides a fast-start to your anonymization and pseudonymization of GDPR personal data processes.