Copyright 2015 by EPI-USE Systems Limited. Confidential and proprietary.
Marketplace – compliance with the GDPR
Karin Ejstrup – Business Development Manager, EPI-USE Labs
Introduction to EPI-USE Labs
§ Custom development: unique solutions, mobile apps, and integration of different systems with SAP environments
§ Part of the EPI-USE group: 1000+ employees specializing in SAP® and SuccessFactors®
§ SAP-certified products: third-party solutions for SAP ALM, HCM and more
§ Cloud project expertise, cloud managed hosting
§ SAP data-solution experts: dedicated and innovative employees, of which 35% in R&D
§ Services: implementation, reporting, landscape optimization, product support, and more
Our products
Application Lifecycle Management
§ Data Sync Manager (DSM)
§ System Builder
§ Client Sync
§ Object Sync
§ Data Secure
§ EPI-USE Cloud Platform (ECP)
Human Capital Management
§ Query Manager
§ Variance Monitor
§ Pay Recon
§ Advanced Time Process Manager
ERP, CRM, SRM, GTS, BW, SCM, NW (HANA compatible)
Our services
Landscape Transformation
§ Company-code carve-outs
§ HR system splits
§ Mergers and Acquisitions
Solution as a Service (SaaS)
§ Periodic test-system refreshes
§ New system provisioning
§ Ad-hoc data requirements
§ Software-as-a-Service
§ HCM-report writing
GDPR - General Data Protection Regulation
A challenge – but EPI-USE Labs will help :)
EU regulation on protection of sensitive data (excerpt from article written by BDO*)
§ "All companies and organisations with operations are obliged to comply with the regulation and to handle all personal data appropriately."
§ "This naturally applies to all personal data used in the business, e.g. information about employees, next of kin and other HR information, but do not forget customers, suppliers, and visitors to the website or the web shop. It also covers prospects, marketing information or anything else that can be traced to a living person."
*Håkan Skyllberg, CISA, responsible for Information Assurance and Risk Services, BDO
EU regulation on protection of sensitive data (excerpt from article written by BDO*)
§ "What may be unique to SAP is that there are usually several parallel IT environments set up. It is not common for there to be only one production environment; rather there may be redundant sites, QA systems, test environments and development systems. Which personal data is processed here?"
§ "A consent from the data subject, or an exemption permitting the processing of personal data, applies only to a specific purpose, and that purpose almost never covers personal data being processed to develop new functions in business systems or personal data being run in test systems."
*Håkan Skyllberg, CISA, responsible for Information Assurance and Risk Services, BDO
This is Data Sync Manager
▪ Certified by SAP
▪ No separate server, no separate middleware required
▪ Implemented in a few days
▪ Works on all SAP applications (ERP, BW, SRM, CRM, SCM, GTS, NW; incl. HANA) and ERP industry solutions
▪ Works :) - ask our customers – check out analysts' reports*
*Gartner Inc: Market Guide for SAP Selective Test Data Management Tool, Sept 2015
Excerpt from the latest Gartner Group report*
§ "The EPI-USE Labs Data Sync Manager (DSM) product suite ...
§ supports a very broad range of SAP applications and industry solutions ...
§ optimized to handle solutions based on SAP Hana ...
§ synchronized data copying and masking across complex SAP system landscapes ...
§ strong product support and consulting feedback from Gartner clients using EPI-USE Labs products ...
§ Data Secure provides an extensible set of masking rules for any field with an SAP client. independently, or with Client Sync ...
§ customer savings, including test data copy time reductions of more than 90%, and more than 60% reduction in hardware costs claimed from recent projects."
*Gartner Inc: Market Guide for SAP Selective Test Data Management Tool, Sept 2015
A superior way of preventing insight into personal data
An appetizer - visit stand A04-12, attend my presentation :)
Copying with Data Sync Manager
Integrated solution for SAP System, Client and Object copying
Masking with Data Sync Manager
4 TB + 0.7 TB + 1 TB = 5.7 TB
4 TB + 4 TB + 4 TB = 12 TB
Client Sync reduces the need for disk space and may leave sensitive data uncopied
§ selectively copy and scramble data on demand
§ save data storage space - up to 80%!
§ minimise the need for full refreshes and eliminate manual data entry
Client Sync: Transactional Data
Cross-system copying, watch it live on YouTube :)
Cross-system masking*
§ Automatic cross-system masking of dependent data
§ Range of customizable scrambling rules and behaviors
§ Evidence to auditors that data protection is under control
§ Library of ready-to-go content
* Tested at selected customers
Screenshots OS for HCM - animation
This is how Data Sync Manager works
[Diagram: SAP system layers (Client-dependent Customization; Application Data, comprising Transaction Data and Master Data; User Masters; Repository; Client-independent Customization) with the components System Builder, Client Sync and Object Sync]
In comes scrambling
[Diagram: SAP system layers (Client-dependent Customization; Application Data, comprising Transaction Data and Master Data; User Masters; Repository; Client-independent Customization) with the components Data Secure and Client Sync]
Data Sync Manager for HCM
Secure and easy copying of SAP HCM data
✓ Everything is there
▪ Infotype data - including custom Infotypes and relationships
▪ Payroll - including FI Postings and Payments files
▪ Time - including CATS / CATSDB
▪ All PD data (including PD Mass Copy)
▪ Appraisal Records (PHAP / HRHAP)
▪ Learning Solution / LSO Participation documents
▪ Trip / Travel Management
▪ Archive links
▪ Compensation Planning
▪ Custom Infotypes and relationships (PA and PD)
▪ PU12 interface data
Complete Integration
▪ Transfer of dependent information from EMPLOYEE Object:
  ▪ Related Cost Centres
  ▪ Organisational Structures / Cost Centre Hierarchy
  ▪ LSO Participation Documents
  ▪ User (MSS/ESS)
  ▪ Vendor
  ▪ etc.
▪ Transfer/integration of other SAP module data:
  ▪ GL Accounts
  ▪ Cost Centre Master
  ▪ Project (WBS Elements)
  ▪ Vendor
  ▪ Internal Orders
  ▪ etc.
Client Sync implementation
▪ Execute Object Analysis Program
▪ Solutions Consultant provides a document on the requirements for the implementation
▪ Install the DSM transport
▪ Implement DSM - typically 5 days per module, 2 days for Data Secure/scrambling
▪ Tune performance and verify new target clients
▪ Provide training to Basis and Technical users
▪ Solutions Consultant supplies Summary Document with recommendations and benchmarks
Next steps?
In return for some basic information about your SAP system landscape, you will receive:
§ A document on scrambling
§ A demonstration of the solutions that may be relevant for you
§ A system analysis indicating possible savings in time and database size
[email protected]
+45 2348 5245
GDPR - General Data Protection Regulation
GDPR – new, but building on previous directives and research on "the new oil"
§ 1995: Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
§ 1998-2001: the directive turned into local legislation in the EU member states
§ 2002: 2002/58/EC of the European Parliament and of the Council of 12, concerning the processing of personal data and the protection of privacy in the electronic communications sector
§ 2007-2012: Consensus on use of personal data via World Economic Forum and international political organisations. Research on the exploitation of data as "the new oil" accelerates, countries upgrade
§ 2012: the Commission introduces Proposal for General Data Protection Regulation
Some of our articles on protection of sensitive data
More information
§ General Data Protection Regulation, text in English, Finnish, and Swedish
  § http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/en/pdf
  § http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/fi/pdf
  § http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/sv/pdf
§ Finnish Personal Data Act
  § https://www.finlex.fi/en/laki/kaannokset/1999/en19990523.pdf
§ Data Protection Ombudsman
  § http://www.tietosuoja.fi/en/index/rekisterinpitajalle.html
Scrambling
Protection of sensitive data
§ Legislation already requires protection of sensitive data
§ New EU legislation is coming up – requirements for protection have been tightened
§ Data Secure from EPI-USE Labs can mask any field, including Z-fields
§ Scrambling is available across the SAP landscape
The scrambling challenge
§ SAP customers from all industries are facing two big questions:
  § What do we need to scramble in which non-production systems?
  § How do we do it?
Challenge 1: What do we scramble?
Functional consultant: "If we scramble everything that an auditor feels could be sensitive, the data will be useless for testing or training"
Auditor: "If we do not scramble enough of the sensitive information we could be in breach of legislation. We have a responsibility to our employees, customers and partners"
EPI-USE Labs manages this with Data Secure :)
§ Scrambling of data in non-production instances
§ Standalone - used on any client
§ Integrated - used with Client Sync
Secure
✓ Standard SAP Authorisations
✓ Additional Data Sync Manager role-based authorisations
✓ Data Scrambling on ANY field
✓ Cloning of data
✓ Enhanced Audit Trails
Customer performance benchmarks
Data Secure scrambled a standard profile of Employees, Vendors, Customers, Business Partners and Addresses for the following companies in record time.
§ Cuatrecasas (Spain) – 0 hrs 52 mins – 420 GB
§ BlueScope (Australia) – 2 hrs 44 mins – 1.24 TB
§ Ibermatica/ONCE (Spain) – 2 hrs 23 mins – 1.0 TB
§ COOP (Denmark) – 0 hrs 12 mins – 114 GB
System size of 3.1 TB, scrambled in: 25 mins
§ 992 393 Customers
§ 94 846 Vendors
§ 1 600 000 Addresses
§ 23 829 Employees
§ 272 849 Business Partners
Scrambling recommendations
§ Scrambling is a compromise which attempts to satisfy two needs:
  § Fit-for-purpose testing data
  § Data protection compliance
§ Design a non-production SAP landscape strategy that determines, for each client, which data is permitted to be present, and if necessary, which should be scrambled
§ Manage authorisations in line with the strategy
A superior way of preventing insight into personal data
Visit my stand :)
Questions?
www.epiuselabs.com [email protected]
http://support.epiuse.com @EPIUSELabs
EPI-USE Labs EPI-USE_Labs