Adaptation of systems to the GDPR regulation

Challenge

In compliance with GDPR regulation (EU regulation n° 2016/679), the goal of the project was to ensure the security of the SAP application system, with particular focus on the customer’s personal data.

set of SAP GRC solutions were therefore implemented to manage the various aspects of raising awareness of personal data that determine the achievement of an adequate level of security, bridging any gaps compared to those actually applied.

 

Solution

For the project implementation, a Security Risk Assessment analysis was carried out to detect any security criticalities and formulate a tailor-made remediation plan based on the specificities of the Customer.

Then, the personal data present in the SAP systems were collected and the transactions that allow access were mapped.

The authorization criticalities that were identified in the Security Risk Assessment were managed through:

  • The reclamation of roles
  • The SAP Read Access Logging (SAP RAL) implementation to track access to all personal data, saving a log file
  • The SAP Enterprise Threat Detection (SAP ETD) implementation to receive and analyze the logs from SAP systems using the potential of SAP HANA to identify a possible Data Breach in real time by connecting events that occurred on different systems

Results

Statement

The project allowed the customer to achieve compliance with the GDPR, consistently with the company objectives, in a short time.
Luigi Granitto
Client Account Senior Manager - Qintesi

Le informazioni contenute in questo documento sono di proprietà.
Copyright © 2014 Qintesi S.p.A. Tutti i diritti riservati.

Ricevi la nostra newsletter

Compila il form qui di seguito con i tuoi dati per rimanere sempre aggiornato sulle novità e gli eventi di Qintesi.

Subscribe to our newsletter

Fill out the form below with your details to stay up to date on Qintesi news and events.

Come realizzare un profitto sostenibile

Approfondisci i trend e le linee guida per un’impresa sostenibile