SAP GDPR Compliance (ANONIMO)

GDPR 2018: is your ERP System compliant with the new regulation?

 

Inquaero ANONIMO is our solution to comply with the requirements of General Data Protection Regulation (GDPR) for SAP systems.

Thanks to the experience gained in several System Landscape Optimization (SLO) projects, we can provide a consulting service, based on a proprietary ABAP solution, that can apply pseudonymization to the Personally Identifiable Information (PII) of any Business Partner (employee, customer or vendor) directly at the database level.

Our PII Intelligent Mapping solution makes data records less identifiable, or not identifiable at all, while remaining suitable for data processing (specifically for test environments) and data analysis (statistics and data science).

During the masking process, the conversion rules are stored securely in a mapping table on an external system.

The masking criteria used are then made available only to a limited set of users (such as the Data Protection Officer, DPO) for legal auditing needs, until the final data destruction, which occurs as soon as the legal retention time has expired.

As an alternative to this custom solution, we support the end-to-end implementation of SAP ILM (for productive systems) and SAP TDMS stand-alone data masking (for non-productive systems).

SAP NetWeaver Information Lifecycle Management (SAP NetWeaver ILM) is the SAP application that supports the management of data through its complete lifecycle: it starts from the business processes that generate the data in a transactional system, covers the processing of the data in accordance with its intended purpose (residence time), supports keeping the information in a dedicated storage system because of legal requirements (retention time), and finally manages the destruction of the information as soon as its retention time has expired.

The use of SAP ILM has grown gradually in recent years, driven by increasingly compelling legal requirements in the field of personal data protection (like GDPR), by the need to reduce and contain the Total Cost of Ownership (TCO) of SAP infrastructure investments, and by the need to optimize SAP systems by removing data that is no longer business relevant, in order to plan the adoption of innovative platforms and applications (Suite on HANA and S/4HANA).

 

Solutions & Services for SAP GDPR Compliance

 

Detect Personal Information
Inquaero® ANONIMO PPD

(Personal Data Discovery)


SAP IS

(Information Steward)

Manage Historical Data
Inquaero® SEMPLICE

(Archiving & Housekeeping)


SAP ARCHIVING

(SARA Archive Administration)

SAP ILM

(Information Lifecycle Management)

SAP LT

(Landscape Transformation Selective Deletion)

Process Data in Production
Inquaero® ANONIMO A17

(Right to Be Forgotten)


SAP GRC

(Access & Process Control)

SAP UI MASKING

(Mask Personal Data)

SAP UI LOGGING – SAP RAL

(Access Monitoring & Logging)

SAP ETD

(Enterprise Threat Detection)

Protect Data in Test Systems
Inquaero® ANONIMO PII-IM

(Intelligent Mapping)


SAP TDMS

(Test Data Migration Server w/ Scrambling Scenario)

 

 SAP ILM

  • P.I.I. data reaching end of purpose is moved to the archive and deleted from the online system
  • Access to the Storage System granted only to restricted users (e.g. DPO) for auditing purposes
  • Limited risk of data breach after data is moved to the encrypted storage system and deleted from the online system
  • Automatic permanent deletion of data once the legal retention period has been reached
  • Storage System ILM-Aware = needed
  • ILM license = needed
  • SAP UI masking = optional
  • SAP UI logging = optional

 Inquaero ANONIMO

  • P.I.I. data masking at the database level
  • Storage of masked data in an encrypted mapping table
  • Access to the mapping table granted only to restricted users (e.g. DPO) for auditing purposes
  • Limited risk of data breach after pseudonymization of P.I.I. data directly in the online system
  • Automatic scheduling of full anonymization after the legal retention period is reached
  • Storage System = not needed
  • ILM license = not needed
  • SAP UI masking = not needed
  • SAP UI logging = optional

 

SAP ILM: Typical archiving process flow

 

[Figure: SAP ILM Archiving Process - GDPR Compliance for SAP Systems]