SAP GDPR Heatmap

GDPR has been a major hot topic over the last two years, and has seen the biggest shake up to how companies manage their data since the 1990s. For customers that use SAP, the amount of GDPR relevant data to consider can be vast and therefore a little overwhelming to those looking to make their systems GDPR compliant. Unsure where to start with GDPR? Or you want to make sure you have all your tables, landscape and interfaces covered? Absoft can help you, with our GDPR Heatmap Service.

What is SAP GDPR Heatmap?

Developed following a year of assisting our customers to comply with GDPR, the GDPR Heatmap Service gives you a snapshot of your SAP landscape and all the areas in the system where PII (Personal Identifiable Information) data could be hiding.

There are some obvious areas to consider, such as your HR & Payroll systems. However, have you considered where this data feeds into? How about your DEV & QA systems? Links to other SAP modules? Vendor data? Interfaces to external systems? Tables in your SAP backend?

What is Included?

The GDPR Compliance Heatmap will highlight to you where your PII is kept in an easy-to-view format and will provide recommendations on how to tackle the data going forward.

The service includes the following:

  • Review of your SAP landscape
  • A report containing an easy-to-view summary on where PII data is kept in your system
  • Recommendations on how to become GDPR compliant going forward
 

Frequently Asked Questions

General Data Protection Regulation, or GDPR, has overhauled how businesses process and handle data. The European law was brought in in May 2018 as a successor to the Data Protection Act, and aims to regulate the technological advancements that have changed how we handle data. The main changes that were brought about with this law were more protection for individual’s data, in particular the Right to be Forgotten, and changes to the types of data that businesses can legally keep about individuals and businesses.

Personable Identifiable Information, or PII, refers to any piece of data that may lead to identification of a person. Examples of this can include a person’s name, home and email addresses, date of birth, National Insurance number. The GDPR law has brought in new terms that give individuals more rights over their PII data and what PII businesses can legally keep.

PII data can be found all over your SAP environment, but it tends to be most prominent in your HR, Payroll, Finance and reporting suites. A common misconception is that to be GDPR compliant you should only worry about your SAP Prod data, however this is not the case! The data can be found in your DEV/QA environments as well as in back-end tables. If you are unsure where all your data could be hiding, you can read about Absoft’s Heatmap service, which assists companies with this.

In order to be GDPR compliant, you must ensure:

  • You have robust data retention strategies in place
  • You have deleted or anonymised data that you no longer need, or have been asked to get rid of
  • You only keep data that is of Legitimate Interest to you (this is defined by the government)

For more advice on this, please get in touch with us.

You can ensure your data is kept in place by implementing robust data retention strategies and setting these to automatically delete or obfuscate your data. Absoft have assisted customers with this particular task since the legislation was put in place, please get in touch for further information.

There are a couple of options available to you for making your data GDPR compliant while still maintaining an effective QA test environment. Whether it be obfuscation or algorithmic changes to the data held, you can certainly maintain a workable test environment while keeping the PII data anonymised.

Resources

Learn More

SAP HR/Payroll and GDPR – A ‘How to’ guide

Download

GDPR for Non-Production Environments in SAP – A detailed guide

Read Post

GDPR’s 1 year anniversary –  Main takeaways and lessons learned

Book your SAP GDPR Heatmap review

Getting your SAP GDPR compliant may seem daunting, however taking a few steps to ensure that your data is compliant will pay off in the long run and will ensure you avoid any fines from the Information Commissioner’s Office (ICO).