SAP solutions for GDPR compliance

Challenge

To ensure that the SAP application system complies with the GDPR (EU Regulation n° 2016/679), with particular focus on protecting the Customer’s personal data, by implementing the complete suite of SAP solutions for the GDPR.

 

Solution

The Qintesi team supported the Customer in the implementation of the solution in a complex project consisting of the following 4 streams:

Stream 1: Implementation of SAP GRC Access Control to:

  • manage users and authorization roles in the various systems involved (ERP, BW, etc.), ensuring “preventive” monitoring of changes under the defined policies through an “alert” message to the process owners in the event of creation/modification;
  • identify violations of the segregation of duties matrix (SoD matrix) in “real time”.

 

Stream 2: Implementation of SAP UI Masking to mask data considered critical, regardless of:

  • the access mode (display, reporting, direct access to tables, MS Excel downloads, etc.);
  • the extent of the authorization profile (including users with “super user” profiles, e.g. “SAP_ALL”).

 

Ex-post verification through access to system logs, indicating “which personal data have been accessed and by which users”, was ensured by implementing the SAP UI Logging solution.

Stream 3: Implementation of SAP Test Data Migration Server to:

  • simplify copying and/or migration of data from production systems to development/test environments;
  • reduce the size of the data processed (limiting the process to the “portions” of necessary data);
  • avoid the propagation of personal data in the test environment through a procedure of “scrambling” of critical data.

 

Stream 4: Implementation of SAP Data Service to manage data quality and ETL processes in SAP and non-SAP environments.

Real-time analysis of “anomalous” logs coming from SAP and non-SAP systems, and correlation of anomalous events, including events that occurred on different systems, in order to identify possible data breaches, were ensured through the adoption of SAP ETD (Enterprise Threat Detection) on the SAP HANA technology platform.

Results

The information contained in this document is proprietary.
Copyright © 2014 Qintesi S.p.A. All rights reserved.

  • SERVICES OFFERED
  • IMPLEMENTED MODULES
      • SAP GRC
      • SAP DATA SERVICE
      • SAP ETD
      • SAP TDMS
      • SAP UI LOGGING
      • SAP UI MASKING
