How to run a data compliance project

Friday, October 6th, 2023

Chris Burfitt

With many successful data compliance projects under our belt, we have a clear understanding of what it takes to run a project effectively. In this blog, we’ll discuss the factors that drive successful compliance projects. We’ll outline the first steps to getting started before delving into each of the main project phases. We’ll also provide insights into the lessons learned from our implementations.  

What drives successful compliance projects? 

Understand the problem that needs to be solved 

  • What does the organisation want to change or make happen? 
  • Understand the value of solving the problem – how much is the problem currently costing? What is the risk if the problem is not solved (cost or reputational)?  
  • What is the business case? Who are your project sponsors? 
  • Connect with your users, identify what they think the problem is and the solution 

Understand the wider context

  • Identify if the problem and solution is part of a bigger process or user journey 
  • Understand context across the organisation – problems often involve multiple departments and external organisations (interfaces to pension provider or learning provider, for example)
  • Develop a picture of what that wider ‘journey’ looks like for the organisation
  • Understand if other teams are working on similar problems within the organisation. For example, discovery might reveal that another part of the organisation has already implemented something similar for another system/department
  • Identify industry best practice/vendor best practice that can be applied 

Getting ready 

  • Are your users ready for the project?  
  • Make sure you understand the resource requirements 
  • Are your key stakeholders engaged?  
  • Define your success criteria/outcomes 
  • Define critical success criteria that will be used to measure success 

Understand constraints 

  • Legislation or industry-specific regulations 
  • Organisation / Policy / Contracts that might need to be reviewed or changed 
  • Technology that needs to be upgraded, or additional technology required 
  • Existing processes that need to change, or new processes that are required 
  • Break down and prioritise risks, assumptions and questions 

Share outcomes 

  • Produce a discovery report with implementation recommendations – this will form the foundation of your implementation design

After establishing a strategy that aligns with the company’s goals, it is crucial to have a detailed plan about the next steps that involves realistic timeframes and achievements. This will guarantee you don’t experience any unexpected impact on current business processes.   

The team involved needs to have clearly defined roles and responsibilities to maximise efficiency. The project team should include specialists from the 4 main areas: Business, IT, Auditors and Legal. It’s important for the user community to be aware of the project activities. To make sure users understand the impacts, it’s crucial to provide clear documentation on the processes, policies and procedures.  

A successful project aims for the activities to become routine processes that can be absorbed into Business-As-Usual (BAU) operations. 

 

An example of an archiving project charter:  

Objective 

  • Define a data strategy to achieve compliance with data regulations and organisation rules whilst, at the same time, meeting business data retention requirements​ 
  • Identify the cost-benefit of data reduction to demonstrate business benefits additional to compliance
  • Define an implementation plan for subsequent project phases

Drivers

  • Limited data management to date​ 
  • Non-compliance with data retention rules of the organisation 
  • Non-compliance with wider data protection legislation 
  • Risk of reputational damage and fines if compliance issues are not addressed 

Data Objects (SAP production master and transaction data) 

  • Customers 
  • Vendors 
  • Business Partners 
  • Contact Persons 
  • Employees 

Benefits

  • Reduced vulnerability of data​ 
  • Compliance with organisational and legal data protection rules 
  • Reduced data volumes, and therefore additional potential for: 
    • Increased system performance​ 
    • Reduced query times ​ 
    • Less backup time​ 
    • Easier database administration​ 
    • Fewer hardware requirements​ 
    • Lower storage costs 

The main project phases 

Our project methodology provides SAP users with a definitive guide for gaining commitment to a project, from day one. We have used the SAP Activate methodology phases as the foundation for our phase structure: Prepare, Explore, Realise, Deploy and Run. Within each of these stages, we have further broken down the process into specific tasks and deliverables. 

Prepare Stage 

During this stage of the project, the following tasks must be completed to ensure a successful project execution:  

  • Detailed planning to define the project objectives, timelines, and budgets 
  • Project standards should be established to ensure consistency and quality throughout the project
  • The infrastructure should be validated to ensure it is capable of supporting the project requirements
  • Implementation of project management procedures  

The deliverables 

  • A project charter that outlines the project’s scope, objectives, timelines, and budgets
  • A high-level plan that shows the main phases and tasks 
  • A detailed draft project plan with task details, dates, resources and effort estimations 

Explore Stage 

At this stage, there are several key tasks that should be completed. These include  

  • Reviewing the SAP solution 
  • Analysing the data 
  • Interviewing super-users 
  • Preparing the design   
  • Conducting workshops 
  • Creating the test strategy
  • Creating an implementation plan 

The deliverables should consist of:  

  • An approved design, including the agreed data retention schedule
  • An approved implementation plan
  • An approved test strategy
  • Ongoing project status reports  

These deliverables are critical for ensuring the project progresses with a clear direction and alignment towards its objectives. 

Realise Stage 

During this stage of the project, the following tasks must be completed: 

  • Building the agreed design, including any required architecture  
  • Testing the design to ensure it meets the requirements
  • Documenting the build and process
  • Migrating to the test system
  • Providing user training – for both technical users and end users
  • Creating, executing, and signing off on UAT
  • Defect fixing for test defects
  • Performing performance and volume testing and performance tuning

The deliverables should consist of: 

  • Configuration documents 
  • Technical specifications (for any enhancements) 
  • Test documents 
  • Run books 
  • Training guides 
  • Project status reports 

Deploy Stage 

During this stage of the project, the following tasks must be completed 

  • Migrating to the solution to the production system
  • Performing checks and smoke tests 
  • Signing off the deployment as successful  

The deliverables should consist of: 

  • Cutover runbook 

Run Stage 

During this stage of the project, the following tasks must be completed: 

  • Catch-up runs  
  • Transition to Business as Usual (BAU) 
  • Hypercare support 

The deliverables should consist of: 

  • Customer exit package documentation – as agreed individually with each customer 

Compliance project lessons learned 

Based on hundreds of data management projects, here are our main takeaways: 

archiving project

Follow a phased approach 

An SAP activate-based phased approach enables better organisation, flexibility, and quality control. It allows for adjustments and review after each phase, leading to a higher quality, and better issue and risk management. This in turn leads to a higher chance of success. 

archiving project

Dedicated, collaborative and accountable team 

A dedicated team improves focus. Collaboration and accountability increase the chances of success. A dedicated team can stay focused on project goals and ensure the necessary momentum is maintained to complete the project. 

Take your users on the journey 

Taking users on the journey promotes adoption and relevance. Involving users early and often empowers them and improves collaboration for better outcomes. 

archiving project

Get the architecture right  

A well-designed architecture can prevent the need for costly redesigns or upgrades, ensures fast access times, protects sensitive information, and optimises storage and maintenance costs. 

Define organisation wide residency & retention times

Defining organisation-wide retention times helps ensure compliance with legal and regulatory requirements across all systems that the data resides in. 

Review data access design

Blocking access to data, either through ‘standard’ SAP authorizations, or through the implementation of enhanced ‘blocking’, masking or redaction, reduces the risk of data breaches, and helps control the usage of data. This helps organisations meet the ‘Purpose Limitation’ requirements that are at the core of most data protection legislation. Other security options such as removing the ability to download data from the system and ‘read access logging’ can also be considered to keep the data safe. 

Test, test, and test again 

Testing is an essential part of any data management project for businesses. It helps to ensure that the data is being treated correctly. 

Document the process 

Documentation is essential, it provides a record of the project’s progress, which can be used to track and manage the project, as well as a reference for future projects and the teams running the solution. 

Successful projects require a clear strategy aligned with the company’s goals, a dedicated team with defined roles and responsibilities, and a phased approach with realistic timeframes and achievable goals.  

Share this page

You may be interested in

SAP data compliance, did you get it right?

SAP data compliance, did you get it right?

Delve into the complexities of data compliance with Christopher Burfitt, where the focus extends beyond rule adherence: learn why being compliant involves a delicate balance between legal requirements and optimising data usage. Discover the critical considerations, challenges, and essential tools that shape an effective data compliance strategy.

Read more

What options are there to better manage legacy data?

What options are there to better manage legacy data?

Proceed’s managing director and subject matter expert, Robert Reuben explores the different options for managing legacy data and the best available tools. Join us as we unpack best practices, real-world results, and the invaluable lessons learned from those who have successfully offloaded their legacy systems.

Read more

Should businesses manage data before or after S/4HANA?

Should businesses manage data before or after S/4HANA?

With firsthand insights and customer examples, Nick sheds light on the pivotal question: Should SAP customers address data management before or after their migration? Tune in as we unpack best practices, real-world results, and the invaluable lessons learned from those who have embarked on the journey to S/4HANA.

Read more