GDPR Implementation | How do we automatically identify all personal data in a SAP system landscape?

Is there software that helps with GDPR implementation by analyzing your system landscape and reports where you have personal data for GDPR?

YES! "Sophia SOFTWARE" is an ADVANCED SEARCH TOOL that reduces the manual effort in PERSONAL data protection projects by analyzing and THEN automatically identifying all personal data in a whole system landscape. 

The first step towards GDPR Implementation and compliance is to assess to what extent the GDPR applies to your organization. This analysis starts with documenting what personal data you have and where it resides in a register.  The GDPR personal data definition is very broadly described as any data that relates to an identified or identifiable natural person. It can be found in customer databases, in feedback forms filled out by your customers, in email content, in photos, in CCTV footage, in loyalty program records, in HR databases, and much more.  ** Note, personal data doesn’t need to be stored in the EU to be subject to the GDPR—the GDPR applies to data collected, processed, or stored outside the EU if the data is tied to EU residents.**

Organizations have collected data for different purposes over many years. Data is scattered in different silos and platforms. Often, the required documentation on this data is lacking.  To understand what GDPR regulations are required for your company, it is important to inventory your organization’s data. This will help you to understand what data is personal and help to identify the systems where that data is collected and stored. You’ll also understand why it was collected, how it is processed and shared, and how long it is retained.  Sophia software is discovery analytics that helps with the first step of this process by reporting on what personal data is in your landscape and where it is stored.

Sophia Facts

  1. Sophia software is 24 hours from installation to results.
  2. Sophia drastically reduces the effort involved in the gdpr implementation of an anonymization strategy by identifying all of your personal data and where it resides.
  3. Sophia provides the basis for introducing a data life-cycle strategy.
  4. Sophia helps you prioritize the topics for your GDPR / Data Privacy Strategy.
  5. Sophia provides well-founded results in the context of compliance audit.
  6. Sophia can be used to AUTOMATICALLY determine 99% of all personal data and fields with personal references in SAP system landscapes. 
  7. Sophia ia FREE when you use Natuvion consulting for implementing GDPR compliance.


  • Uses both the DDIC-based structure search and the semantic / content-based search. The combination of the two methods leads to amazing reporting accuracy.
  • Covers all SAP Business Suite systems.
  • Covering all personal related data / fields (customer tables, table field extensions, etc.).
  • Combination of domain-based and content-based search.
  • Domain scan: finds all table fields that contain "suspicious" domains (direct and indirect personal reference).
  • Content scan: finds table fields with direct personal reference based on the content.
  • High-performance parallelization (processes data in parallel).
  • Automatically creates audit trails to show what searches were executed, when they were executed, and which data repositories were searched. These audit trails could be persuasive evidence to a GDPR regulatory authority that the organization is applying the required effort to find data that is not easy to find.