Everyone keeping track of GDPR Clock should be already gearing up for compliance. Because the consequences of non-compliance could be damaging.
Under the new law, Personal data of your customers can only be gathered legally under strict conditions. Processing/handling/archiving/deleting this data should also be handled under strict rules.
We are part of Brexit! We do not have offices in EU countries! I do not know if this applies to us! By when should we be compliant!
It applies to everyone who is processing/using any data for customers from EU.
So even if you do not have a office in EU but do business with EU customers, you are in purview of GDPR.
When it comes to SAP, you should be thinking of but not limited to following aspects of Data.
- Any personal data of your customers should be secured. This includes from their official title (CEO/CFO/Director etc..) to their postal code. Make informed decisions.
- Be prepared to secure the data in you system already. Prevent unauthorized access to this information. Many might think this only applies to production systems, which is incorrect. Personal data in your Pre-Prod, Test, Development etc.. all are considered sensitive.
- Data should be archived/deleted unless it is absolutely required. Archived data should be safeguarded from unauthorized access.
This of course is a complicated and time taking process. But the great thing is there are already multiple tools readily available in the market which can completely automate this process.
Since we are talking about SAP, I would like to bring some of these tools to your notice which can help you make your SAP systems compliant.
- Lets start with Basics and the most crucial aspect. Check your authorization matrix. Ensure that only people who need access to personal data has access. Use tools like SAP GRC to control authorizations, manage/mitigate/document risks.
- Protect the data in your non-production systems. Strict authorization controls on your non-production SAP system. Use tools that scramble test data in non-production systems. Some examples include, SAP TDMS and DATA Secure by EPI-USE. Another interesting tool could be SAP Field Masking Solution.
- Handle the data in your production system wisely. Archive or delete your data that is not necessary. Use tools like SAP ILM to manage the life cycle of your data.
Above are just some actions for compliance. There is much more to this than just using the tools like, appointing a Data Protection Officer (DPO), Legal advise etc..
Please share your experience regarding GDPR under comments.