Copyright 2015 by EPI-USE Systems Limited. Confidential and proprietary. Marknadsplats – compliance with the GDPR Karin Ejstrup – Business Development Manager, EPI-USE Labs


Post on 06-Feb-2018


Introduction to EPI-USE Labs

Unique solutions, mobile apps, and integration of different systems with SAP environments

Custom development

1000+ employees specializing in SAP® and SuccessFactors®

Part of the EPI-USE group

Third-party solutions for SAP ALM, HCM and more

SAP-certified products

Cloud project expertise

Cloud managed hosting

Dedicated and innovative employees of which 35% in R&D

SAP data-solution experts

Services

Implementation, reporting, landscape optimization, product support, and more


Our products

Application Lifecycle Management

§  Data Sync Manager (DSM)
§  System Builder
§  Client Sync
§  Object Sync
§  Data Secure
§  EPI-USE Cloud Platform (ECP)

Human Capital Management

§  Query Manager
§  Variance Monitor
§  Pay Recon
§  Advanced Time Process Manager

ERP, CRM, SRM, GTS, BW, SCM, NW (HANA compatible)


Our services

Landscape Transformation

§  Company-code carve-outs
§  HR system splits
§  Mergers and Acquisitions

Solution as a Service (SaaS)

§  Periodic test-system refreshes
§  New system provisioning
§  Ad-hoc data requirements
§  Software-as-a-Service
§  HCM-report writing


GDPR - General Data Protection Regulation

A challenge – but EPI-USE Labs is helping :)


EU regulation on protection of sensitive data (excerpt from article written by BDO*)

§  "All companies and organisations with operations are obliged to comply with the regulation and to handle all personal data in an appropriate manner."

§  "This of course applies to all personal data used in the business, e.g. information about employees, next of kin and other HR information, but do not forget customers, suppliers, and visitors to the website or the web shop. But also prospects, marketing information or anything else that can be traced to a now living person."

*Håkan Skyllberg, CISA, Head of Information Assurance and Risk Services, BDO


EU regulation on protection of sensitive data (excerpt from article written by BDO*)

§  "What may be unique to SAP is that there are usually several parallel IT environments set up. It is not common for there to be only a production environment; rather there may be redundant sites, systems for QA, a test environment and development systems. Which personal data is processed here?"

§  "A consent from the data subject, or an exemption permitting the processing of personal data, applies only to a specific purpose, and that purpose almost never covers personal data being processed to develop new functions in business systems or personal data being run in test systems."

*Håkan Skyllberg, CISA, Head of Information Assurance and Risk Services, BDO


This is Data Sync Manager

▪  Certified by SAP

▪  No separate server, no separate middleware required

▪  Implemented in a few days

▪  Works on all SAP applications (ERP, BW, SRM, CRM, SCM, GTS, NW; incl. HANA) and ERP industry solutions

▪  Works :) - ask our customers – check out analysts' reports*

* Gartner Inc: Market Guide for SAP Selective Test Data Management Tool, Sept 2015


Some of our clients


Excerpt from the latest Gartner Group report*

§  "The EPI-USE Labs Data Sync Manager (DSM) product suite .....
§  supports a very broad range of SAP applications and industry solutions ….
§  optimized to handle solutions based on SAP Hana …..
§  synchronized data copying and masking across complex SAP system landscapes.....
§  strong product support and consulting feedback from Gartner clients using EPI-USE Labs products.....
§  Data Secure provides an extensible set of masking rules for any field with an SAP client. independently, or with Client Sync…...
§  customer savings, including test data copy time reductions of more than 90%, and more than 60% reduction in hardware costs claimed from recent projects."

* Gartner Inc: Market Guide for SAP Selective Test Data Management Tool, Sept 2015


A superior way of preventing insight into personal data

An appetizer - visit stand A04-12, attend my presentation :)


Copying with Data Sync Manager

Integrated solution for SAP System, Client and Object copying


Masking with Data Sync Manager


4 TB + 0.7 TB + 1 TB = 5.7 TB

4 TB + 4 TB + 4 TB = 12 TB

Client Sync reduces the need for disk space and may leave sensitive data uncopied

§  selectively copy and scramble data on demand
§  save data storage space - up to 80%!
§  minimise the need for full refreshes and eliminate manual data entry


Client Sync: Transactional Data


Cross-system copying, watch it live on YouTube :)


Cross-system masking*

§  Automatic cross-system masking of dependent data

§  Range of customizable scrambling rules and behaviors

§  Evidence to auditors that data protection is under control

§  Library of ready-to-go content

* Tested at selected customers


Screenshots OS for HCM - animation


This is how Data Sync Manager works

[Diagram labels: Client-dependent Customization; Application Data; Transaction Data; Master Data; User Masters; Repository; Client-independent Customization. Products shown: System Builder, Client Sync, Object Sync.]


In comes scrambling

[Diagram labels: Client-dependent Customization; Application Data; Transaction Data; Master Data; User Masters; Repository; Client-independent Customization. Products shown: Data Secure, Client Sync.]


Data Sync Manager for HCM Secure and easy copying of SAP HCM data


✓  Everything is there

▪  Infotype data - including custom Infotypes and relationships
▪  Payroll - including FI Postings and Payments files
▪  Time - including CATS / CATSDB
▪  All PD data (including PD Mass Copy)
▪  Appraisal Records (PHAP / HRHAP)
▪  Learning Solution / LSO Participation documents
▪  Trip / Travel Management
▪  Archive links
▪  Compensation Planning
▪  Custom Infotypes and relationships (PA and PD)
▪  PU12 interface data


Complete Integration

▪  Transfer of dependent information from EMPLOYEE Object:
    ▪  Related Cost Centres
    ▪  Organisational Structures / Cost Centre Hierarchy
    ▪  LSO Participation Documents
    ▪  User (MSS/ESS)
    ▪  Vendor
    ▪  etc.

▪  Transfer/integration of other SAP module data
    ▪  GL Accounts
    ▪  Cost Centre Master
    ▪  Project (WBS Elements)
    ▪  Vendor
    ▪  Internal Orders
    ▪  etc.


Client Sync implementation

▪  Execute Object Analysis Program

▪  Solutions Consultant provides a document on the requirements for the implementation

▪  Install the DSM transport

▪  Implement DSM - typically 5 days per module, 2 days for Data Secure/scrambling

▪  Tune performance and verify new target clients

▪  Provide training to Basis and Technical users

▪  Solutions Consultant supplies Summary Document with recommendations and benchmarks


RS Components – savings


Edwards – savings


Next steps?

In return for some basic information about your SAP system landscape, you get:

§  A document on scrambling
§  A demonstration of the solutions that may be relevant for you
§  A system analysis indicating possible savings in time and database size

[email protected]

+45 2348 5245


GDPR - General Data Protection Regulation


GDPR – new, but building on previous directives and research on "the new oil"

§  1995: Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data

§  1998-2001: the directive turned into local legislation in the EU member states

§  2002: 2002/58/EC of the European Parliament and of the Council of 12, concerning the processing of personal data and the protection of privacy in the electronic communications sector

§  2007-2012: Consensus on use of personal data via World Economic Forum and international political organisations. Research on the exploitation of data as "the new oil" accelerates, countries upgrade

§  2012: the Commission introduces Proposal for General Data Protection Regulation


Some of our articles on protection of sensitive data


More information

§  General Data Protection Regulation, text in English, Finnish, and Swedish
    §  http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/en/pdf
    §  http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/fi/pdf
    §  http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/sv/pdf

§  Finnish Personal Data Act
    §  https://www.finlex.fi/en/laki/kaannokset/1999/en19990523.pdf

§  Data Protection Ombudsman
    §  http://www.tietosuoja.fi/en/index/rekisterinpitajalle.html


Scrambling


Protection of sensitive data

§  Legislation requires protection of sensitive data already

§  New EU-legislation is coming up – requirements for protection have been sharpened

§  Data Secure from EPI-USE Labs can mask any field – also Z-fields

§  Scrambling is available across the SAP landscape


What is scrambling?


The scrambling challenge

§  SAP customers from all industries are facing two big questions:

What do we need to scramble in which non-production systems?

How do we do it?


Functional consultant

“If we scramble everything that an auditor feels could be sensitive, the data will be useless for testing or training”

Auditor

“If we do not scramble enough of the sensitive information we could be in breach of legislation. We have a responsibility to our employees, customers and partners”

Challenge 1: What do we scramble?


EPI-USE Labs manages this with Data Secure :)

§  Scrambling of data in non-production instances
§  Standalone - used on any client
§  Integrated - used with Client Sync


Secure

✓  Standard SAP Authorisations
✓  Additional Data Sync Manager role based authorisations
✓  Data Scrambling on ANY field
✓  Cloning of data
✓  Enhanced Audit Trails


Customer performance benchmarks

Data Secure scrambled a standard profile of Employees, Vendors, Customers, Business Partners and Addresses for the following companies in record time.

§  Cuatrecasas (Spain): 0 hrs 52 mins, 420 GB
§  BlueScope (Australia): 2 hrs 44 mins, 1.24 TB
§  Ibermatica/ONCE (Spain): 2 hrs 23 mins, 1.0 TB
§  COOP (Denmark): 0 hrs 12 mins, 114 GB


System size of 3.1 TB

Scrambled in: 25 mins

§  992 393 Customers
§  94 846 Vendors
§  1 600 000 Addresses
§  23 829 Employees
§  272 849 Business Partners


Scrambling recommendations

§  Scrambling is a compromise which attempts to satisfy two needs:
    §  Fit-for-purpose testing data
    §  Data protection compliance

§  Design a non-production SAP landscape strategy that determines, for each client, which data is permitted to be present, and if necessary, which should be scrambled

§  Manage authorisations in line with the strategy


A superior way of preventing insight into personal data

Visit my stand :)


Cross-system copying, watch it live :)


A superior way of preventing insight into personal data

Visit stand A04-12 :)


Questions?

www.epiuselabs.com [email protected]

http://support.epiuse.com @EPIUSELabs

EPI-USE Labs EPI-USE_Labs