To ensure compliance of the SAP application system with the GDPR (EU Regulation No. 2016/679), with particular focus on protecting the Customer’s personal data, through implementation of the complete suite of SAP solutions for the GDPR.
The Qintesi team supported the Customer in the implementation of the solution in a complex project consisting of the following 4 streams:
Stream 1: Implementation of SAP GRC Access Control to:
- manage users and authorization roles in the various systems involved (ERP, BW, etc.), ensuring “preventive” monitoring of changes under the defined policies through an “alert” message sent to the process owners in the event of creation/modification;
- identify violations of the segregation of duties matrix (SoD matrix) in “real time”.
Stream 2: Implementation of SAP UI Masking to mask data considered critical, regardless of:
- the access mode (display, reporting, direct access to tables, MS Excel downloads, etc.);
- the extent of the authorization profile (including users with “super user” profiles, e.g. “SAP_ALL”).
Ex-post verification through access to the system logs, which indicate “which personal data have been accessed and by which users”, has been ensured by implementing the SAP UI Logging solution.
Stream 3: Implementation of SAP Test Data Migration Server to:
- simplify copying and/or migration of data from production systems to development/test environments;
- reduce the size of the data processed (limiting the process to the “portions” of necessary data);
- avoid the propagation of personal data in the test environment through a procedure of “scrambling” of critical data.
Stream 4: Implementation of SAP Data Services to manage data quality and ETL processes in SAP and non-SAP environments.
Real-time analysis of “anomalous” logs coming from SAP and non-SAP systems, and correlation of anomalous events, including events that occurred on different systems, in order to identify possible data breaches, have been ensured through the adoption of SAP ETD (Enterprise Threat Detection) on the SAP HANA technology platform.
The information contained in this document is proprietary.
Copyright © 2014 Qintesi S.p.A. All rights reserved.