Tak advantage of data masking to comply with the GDRP
General Data Protection Regulation is a set of regulations by which the European Commission intends to strengthen and unify protection of personal data. It comes into effect on May 25th, 2018. According to SAP, the GDPR is so vast no single solution now available on the market can address all of it.
With the GDPR Directive, the EU has regulated the right to access and forget personal data. As a result, data on customers, business partners and employees after the “end of purpose” must be identified and deleted in SAP systems.
To meet GDPR requirements, all personal data in the SAP ERP system ought to be pseudonymized and stored exclusively for audit purposes in a separately secured client. Data masking is a proven methodology (used for many years now for mergers and acquisitions) that can now help customers comply with the GDPR. It is efficient and, unlike other solutions, easy to implement.
Data masking methodology – how does it work
To make SAP systems GDPR compliant, Datavard recommends “data pseudonymization” in the productive SAP client along with setting up a security client with sensitive data and restricted access (only for audit reporting, data protection officers, etc.) Sensitive data after pseudonymization are no longer readable for standard SAP users in the productive client. Nevertheless, all transaction data, such as financial documents, is still available for reporting. Access to the original personal data is only possible via the security mandate.
Advantages of data masking
Data masking assures immediate and fast compliance of SAP data with the new EU Regulation. The implantation is fast and safe, thanks to the usage of a proven and well-known methodology. Pseudonymized data remain in the productive SAP client and don’t influence established processes. No new reporting process is required.
Sensitive data is still available through a new secure security client. Pseudonymization and data copies to the security client with SAP ILM is automated and executed periodically.
The data pseudonymization project lasts 4 months and is available for all SAP NetWeaver based systems, including future SAP solutions such as SAP S4/HANA and BW4/HANA.