SAP data compliance, did you get it right?
Thursday, November 23rd, 2023
In an episode of the Proceed podcast, we had the pleasure of sitting down with Proceed’s data compliance expert, Chris Burfitt, to discuss SAP data compliance. Together, we explore what it really means to be compliant, how to handle different kinds of data through its lifecycle, and the essential tools available. You can enjoy the entire episode by watching the video above or review the key highlights below.
What is data compliance?
Compliance, when it comes to data, is defined as a set of rules that define how we handle, secure, and discard data in order to protect it. GDPR for personal data, industry regulations, and internal organisational rules are a few examples.
What does ‘being compliant’ entail?
Being compliant means safeguarding data. Initially, it’s about ensuring specific individuals have controlled access to the data, as over time, reducing access becomes crucial to prevent misuse. There is also a time-sensitive aspect where, at a certain point, data removal is necessary for legal compliance and organisational efficiency.
Ultimately, compliance is a balance between legal requirements and optimising data usage.
Why should businesses prioritise compliance?
Non-compliance can lead to license revocation, which has as severe financial consequences as any fine. This is alongside the reputational damage, eroding trust for both commercial and government entities.
Potential blockers and challenges
The primary barrier is often a lack of understanding. Organisations usually struggle with the actual application, despite having a clear set of rules.
Ultimately, the key is understanding the rules and knowing where data resides.
Compliance within the SAP environment
Compliance in SAP goes beyond deleting data – it’s about controlling access, and ensuring only authorised users can extract and manipulate data. Protecting data is as crucial as removing it.
Ultimately, compliance is a balance between legal requirements and optimising data usage.
Christopher Burfitt, GDPR & Data Compliance Expert
SAP’s product expansion
Expanding into Cloud products, SAP introduces a range of individual tools and mechanisms to manage data effectively. In this discussion, the focus lies on what many consider traditional SAP systems, such as ECC and CRM, existing on the SA Business Suite platform. It’s crucial not to overlook other SAP products like SuccessFactors, Concur, or Ariba, each demanding its own compliance solutions.
The lifecycle of data
The temperature of the data determines where the data is in its lifecycle.
Hot data is actively used for daily business operations, heavily queried and indispensable. As transactions conclude, the data cools into a phase where it’s not accessed as frequently but remains crucial for reporting – this is known as warm data. Eventually, data temperature decreases further, reaching a point where, according to business rules or regulations, it’s no longer needed – commonly known as cold data.
Compliance involves understanding when to retain data for legal or business purposes and when to discard it, which aligns with GDPR’s notion of “end of purpose,” emphasising the significance of removing data when its intended purpose concludes.
Approaching different types of data for compliance
Compliance rules vary based on the nature of the data:
For employee data, the primary requirement often involves data removal. Access control is typically well-established in SAP HR Systems, with known and approved individuals having access. The approach here is a data purge or destruction method.
Dealing with customers, vendors, and business partners is different. Data removal is complex, requiring the closure of all associated business transactions. Given the difficulty, the focus shifts to blocking data. After completing transactions, data access is limited by introducing special indicators. This means only authorised individuals can access and view blocked data, ensuring a controlled approach.
Essential considerations to avoid common pitfalls
Ensuring effective compliance requires engaging key stakeholders such as IT, business, and legal representatives, shaping a pivotal understanding and strategy. It’s crucial to comprehend data usage across diverse environments, including testing and training systems. SAP emphasises controlling data beyond its system and guiding users in responsible data handling.
Essential tools for data compliance
Tools like data masking, blocking, archiving, and redacting play vital roles in compliance. They protect data, control access, and help in flagging when data is due for destruction.
The accessibility and challenges of SAP standard tools
SAP standard tools are accessible, but their implementation can be challenging. Experience is key, and engaging the specialists is advised, particularly within more complex scenarios.
Further reading
[Blog] How to run a data compliance project
[On-demand webinar] Ensuring SAP Data Compliance with GDPR and Other Regulations
You may be interested in
Upgrading OpenText VIM?
The latest OpenText VIM update prioritises compliance, efficiency, and user experience enhancements. For those just beginning the upgrade process, we have put together a short guide outlining the key considerations to keep in mind.
Read more
Surviving a data breach: A guide for businesses
Are you doing the utmost to prevent a data breach? And if one were to occur, have you done the utmost to minimise its impact? Here, we highlight important considerations and insights on the topic.
Read more
S/4HANA migration: Greenfield and brownfield best practices
When embarking on your journey to S/4HANA, whether you are opting for a greenfield approach or upgrading an existing system through a brownfield strategy, implementing key data management strategies is crucial to ensuring a seamless, cost-effective, and swift migration process.
Read more