Meet the GDPR deadline with data masking

data masking with datavard

Tak advantage of data masking to comply with the GDRP

General Data Protection Regulation is a set of regulations by which the European Commission intends to strengthen and unify protection of personal data. It comes into effect on May 25th, 2018. According to SAP, the GDPR is so vast no single solution now available on the market can address all of it.

With the GDPR Directive, the EU has regulated the right to access and forget personal data. As a result, data on customers, business partners and employees after the “end of purpose” must be identified and deleted in SAP systems.

To meet GDPR requirements, all personal data in the SAP ERP system ought to be pseudonymized and stored exclusively for audit purposes in a separately secured client. Data masking is a proven methodology (used for many years now for mergers and acquisitions) that can now help customers comply with the GDPR. It is efficient and, unlike other solutions, easy to implement.

Data masking methodology – how does it work?

To make SAP systems GDPR compliant, Datavard recommends “data pseudonymization” in the productive SAP client along with setting up a security client with sensitive data and restricted access (only for audit reporting, data protection officers, etc.) Sensitive data after pseudonymization are no longer readable for standard SAP users in the productive client. Nevertheless, all transaction data, such as financial documents, is still available for reporting. Access to the original personal data is only possible via the security mandate.

data masking sap comply with gdpr

Advantages of data masking

Data masking assures immediate and fast compliance of SAP data with the new EU Regulation. The implantation is fast and safe, thanks to the usage of a proven and well-known methodology. Pseudonymized data remain in the productive SAP client and don’t influence established processes. No new reporting process is required.

Sensitive data is still available through a new secure security client. Pseudonymization and data copies to the security client with SAP ILM is automated and executed periodically.

The data pseudonymization project lasts 4 months and is available for all SAP NetWeaver based systems, including future SAP solutions such as SAP S4/HANA and BW4/HANA.

data masking pseudonymization GDPR

Data masking – project milestones




2 comments on “Meet the GDPR deadline with data masking

  1. Bhavan K on

    Very Good solution.
    But I have one doubt, In the above screenshot, customer was shown as masked. If I run any customer report or If I open any customer sales order, will the system show the actual customer name or it will show the masked name?

    • Jan Meszaros on

      Hi Bhavan, Thank you for your question.

      After the data scrambling any connection to this master record will be masked (i.e. scrambled). If you open any document related to this customer (e.g. sales order) only the masked data will be visible. All customer details are scrambled though the complete system (e.g. master record, change docs, sales order, etc.) so nobody can connect the original name of the customer to any transaction.

      Best regards,


Leave a Reply

Your email address will not be published. Required fields are marked *