The document discusses challenges and solutions for anonymizing personal data in SAP systems to comply with the GDPR. It describes fields of action for anonymizing data in test, training, and production systems. The document also provides an overview of Natuvion's Test Data Anonymization solution for pseudonymizing data across connected SAP systems in a centralized and rule-based manner.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and to understand the current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Data loss prevention ensures critical information is kept safely in the corporate network and helps administrators control the data that end users wish to transfer.
Data Loss Prevention (DLP) - Fundamental Concept - Eryk by Eryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title: Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Data Protection Officer Dashboard | GDPR by Corporater
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
Enterprise Security Architecture was initially targeted to address two problems
1- System complexity
2- Inadequate business alignment
Resulting in more cost, less value
Data Security & Data Privacy: Data Anonymization by Patric Dahse
As data security and data privacy experts in SAP, Natuvion presents a solution to help comply with data protection conformity. Pressure to create data protection conformity persistently increases in the context of the new Data Protection Act.
Our Test Data Anonymization tool (TDA) offers the possibility to eliminate the standard method of SAP Test, Training and/or project systems being built on a complete copy of the production system. The problem with this method is that fragile and comprehensive data is easily accessible for internal and external employees to see, therefore putting a company at risk of costly fines for breaches of GDPR. Instead, Natuvion’s TDA tool quickly offers test data completely anonymized, allowing data to be protected.
In this webinar, we will explain why data should be anonymized, what is the scope as well as key features. We will also go through an example of how this tool works along with how a typical implementation takes place.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia... by Alan McSweeney
Your data has value to your organisation and to relevant data sharing partners. It has been expensively obtained. It represents a valuable asset on which a return must be generated. To achieve the value inherent in the data you need to be able to make it appropriately available to others, both within and outside the organisation.
Organisations are frequently data rich and information poor, lacking the skills, experience and resources to convert raw data into value.
These notes outline technology approaches to achieving compliance with data privacy regulations and legislation while providing access to data.
There are different routes to making data accessible and shareable within and outside the organisation without compromising compliance with data protection legislation and regulations and removing the risk associated with allowing access to personal data:
• Differential Privacy – source data is summarised and individual personal references are removed. The one-to-one correspondence between original and transformed data has been removed
• Anonymisation – identifying data is destroyed and cannot be recovered so individual cannot be identified. There is still a one-to-one correspondence between original and transformed data
• Pseudonymisation – identifying data is encrypted and recovery data/token is stored securely elsewhere. There is still a one-to-one correspondence between original and transformed data
These technologies and approaches are not mutually exclusive – each is appropriate to differing data sharing and data access use cases
The data privacy regulatory and legislative landscape is complex and getting even more complex so an approach to data access and sharing that embeds compliance as a matter of course is required.
Appropriate technology appropriately implemented and operated is a means of managing and reducing risks of re-identification by making the time, skills, resources and money necessary to achieve this unrealistic.
Technology is part of a risk management approach to data privacy. There is wider operational data sharing and data privacy framework that includes technology aspects, among other key areas. Using these technologies will embed such compliance by design into your data sharing and access facilities. This will allow you to realise value from your data successfully.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices makes work much easier and more productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees can work in the way that they need to, and collaboration and sharing are made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that you don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard, which was published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDPR view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance with the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively by PECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/TtnY1vzHzns
Shariyaz abdeen data leakage prevention presentation by Shariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking about at present. Due to organizations moving towards big data and financial systems which reside in cyberspace, there is an increasing number of frauds associated with the technology revolution in cyberspace. This post highlights the threats and the countermeasures, so we can protect sensitive personal data. I prefer the approach of the “Trust but verify” model.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Data Privacy: What you need to know about privacy, from compliance to ethics by AT Internet
Today, balancing business opportunity and customers' data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
Overview of Data Loss Prevention (DLP) Technology by Liwei Ren 任力偉
DLP is a technology that detects potential data breach incidents in a timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliance and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
California Consumer Protection Act (CCPA) is one such law that empowers the residents of California, United States to have enhanced privacy rights & consumer protection. It is the most comprehensive US state privacy law to date.
Data Security & Data Privacy: Data AnonymizationPatric Dahse
As data and security and data privacy experts in SAP, Natuvion presents a solution to help comply with data protection conformity. Pressure to create data protection conformity persistently increases in the context of the new Data Protection Act.
Our Test Data Anonymization tool (TDA) offers the possibility to eliminate the standard method of SAP Test, Training and/or project systems being built on a complete copy of the production system. The problem with this method is that fragile and comprehensive data is easily accessible for internal and external employees to see therefore, putting a company at risk of costly fines for breaches of GDPR. Instead, Natuvion’s TDA tool quickly offers test data completely anonymized, allowing data to be protected.
In this webinar, we will explain why data should be anonymized, what is the scope as well as key features. We will also go through an example of how this tool works along with how a typical implementation takes place.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Alan McSweeney
Your data has value to your organisation and to relevant data sharing partners. It has been expensively obtained. It represents a valuable asset on which a return must be generated. To achieve the value inherent in the data you need to be able to make it appropriately available to others, both within and outside the organisation.
Organisations are frequently data rich and information poor, lacking the skills, experience and resources to convert raw data into value.
These notes outline technology approaches to achieving compliance with data privacy regulations and legislation while providing access to data.
There are different routes to making data accessible and shareable within and outside the organisation without compromising compliance with data protection legislation and regulations and removing the risk associated with allowing access to personal data:
• Differential Privacy – source data is summarised and individual personal references are removed. The one-to-one correspondence between original and transformed data has been removed
• Anonymisation – identifying data is destroyed and cannot be recovered so individual cannot be identified. There is still a one-to-one correspondence between original and transformed data
• Pseudonymisation – identifying data is encrypted and recovery data/token is stored securely elsewhere. There is still a one-to-one correspondence between original and transformed data
These technologies and approaches are not mutually exclusive – each is appropriate to differing data sharing and data access use cases
The data privacy regulatory and legislative landscape is complex and getting even more complex so an approach to data access and sharing that embeds compliance as a matter of course is required.
Appropriate technology appropriately implemented and operated is a means of managing and reducing risks of re-identification by making the time, skills, resources and money necessary to achieve this unrealistic.
Technology is part of a risk management approach to data privacy. There is wider operational data sharing and data privacy framework that includes technology aspects, among other key areas. Using these technologies will embed such compliance by design into your data sharing and access facilities. This will allow you to realise value from your data successfully.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/TtnY1vzHzns
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Data Privacy: What you need to know about privacy, from compliance to ethics - AT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
Overview of Data Loss Prevention (DLP) Technology - Liwei Ren任力偉
DLP is a technology that detects potential data breach incidents in a timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliances and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
California Consumer Protection Act (CCPA) is one such law that empowers the residents of California, United States to have enhanced privacy rights & consumer protection. It is the most comprehensive US state privacy law to date.
25 May 2018, the General Data Protection Regulation (GDPR) deadline, is less than 6 months away.
As the attention on the regulation is at the top, there is now a growing concern for any organization that is affected by.
We would like to invite you to join our webinar to share with you our approach and help your organization and your document repository to be compliant with GDPR.
During the webinar, our special guests, George Parapadakis – Business Solutions Strategy, Alfresco and Bart van Bouwel – Managing Partner, CDI-Partners, will provide you with:
- How to implement GDPR in your document repository
- How the Alfresco Digital Business Platform can help your organization to be compliant with GDPR
- Xenit approach: a managed shared drive
- Xenit demonstration
- Top tips to start preparing for the GDPR.
CyNation: 7 Things You Should Know about EU GDPR - Iryna Chekanava
An overview of EU GDPR key characteristics, its origins and legal implications of non-compliance. It also provides the initial steps that an organisation needs to follow to operate in compliance with new cyber security regulatory landscape.
Date: 15th November 2017
Location: AI Lab Theatre
Time: 16:30 - 17:00
Speaker: Elisabeth Olafsdottir / Santiago Castro
Organisation: Microsoft / Keyrus
How to minimize scope for gdpr data protection compliance when using cloud se... - Dirk Rünagel
With eperi Cloud Data Protection (CDP), you as a cloud user remain in control of all your data protection processes and ensure that your organization’s data protection compliance guidelines are centrally enforced.
eperi Cloud Data Protection is the only solution in the market that allows you to encrypt data in common business cloud applications while retaining their functionalities – like searching for specific content in archived Office 365 emails or using Salesforce reporting features.
All these functionalities remain while your sensitive information is stored only in an encrypted format. For you as a customer of a cloud application such as Office 365 or Salesforce, this means you are able to use all functionalities of innovative cloud applications without compromises due to data protection and compliance requirements. Your sensitive information stored in the cloud is protected against unauthorized access at all times.
GDPR Compliance: The eperi Gateway protects supplier data
A public organisation wants to store their files, among them surveillance videos and VM images, in the cloud. Due to Personally Identifiable Information (PII) being affected, the information has to be pseudonymised according to the EU General Data Protection Regulation (GDPR). With the eperi Gateway, the public organisation is able to encrypt and tokenise their data before it is sent to the cloud for processing.
2022-09-13 kreuzwerker Atlassian - Navigating GDPR and BaFin in the Cloud.pdf - kreuzwerker GmbH
Webinar "Navigating GDPR and BaFin Compliance of Atlassian Cloud" with Daniel Meisen, kreuzwerker and Sascha Wiswedel, Atlassian.
---
A quick overview of the most important governance, risk and compliance aspects of the Atlassian SaaS Cloud across all plans.
---
This webinar is for everyone who is interested in the Atlassian Cloud. How can Atlassian customers move to the Atlassian Cloud with Jira, Confluence and Jira Service Management with confidence and GDPR / BaFin compliant? Well, of course, you still need to take some action to check all boxes in regards to the cloud outsourcing guidelines.
The Atlassian Enterprise Cloud including EU Financial Services Addendum (“EU FSA”) is now also available with a lower user tier. Good news for all FinTechs that are scaling and still have fewer than 800 employees.
+++Agenda+++
A quick overview of the most important governance, risk and compliance aspects of the Atlassian SaaS Cloud across all plans.
- Intro
- Atlassian Enterprise Cloud
- Navigating GDPR and BaFin Compliance
---
About the speaker:
Daniel Meisen, Co-CEO kreuzwerker, Atlassian Expert.
Daniel Meisen is Co-CEO at kreuzwerker GmbH and Atlassian expert by heart. For more than 15 years, he has worked with Atlassian tools and is responsible for Managed Hosting and Managed Services.
Sascha Wiswedel, Pre-Sales Solutions Engineer at Atlassian.
He accompanies enterprise customers into the cloud and specialises in security, compliance and data protection.
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol... - PaaSword EU Project
This is a paper presentation held by Dr. Simone Braun at the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus. This paper aims at defining a roadmap to derive a holistic framework providing data privacy and security by design in the context of cloud-based multi-tenant customer relationship management (CRM) systems. As a CRM system developed for SMEs CAS PIA serves as an example for typically occurring data structures and use cases including the innovative concept of user-defined security levels for different data types. A scenario and requirements analysis for motivating the need for a suitable user-context-specific security concept and a data and privacy preserving framework is presented.
Janneke Breeuwsma (Arthur’s Legal) @ SLA-Ready Workshop in Cluj-Napoca, Romania (3 November 2016)
Be part of our next workshop in Brussels http://bit.ly/2fVcCG7 .
SureSkills GDPR - Discover the Smart Solution Google
In today’s digital business, information is currency. But is your data really protected and delivering value? How can you gain competitive advantage, while ensuring you stay compliant with the onerous upcoming EU General Data Protection Regulation?
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018 e-SIDES.eu
The following presentation was given at the workshop "From data protection and privacy to fairness and trust: the way forward" co-organized by e-SIDES at EBDVF 2018 in Vienna on November 14, 2018. The workshop, chaired by Jean-Cristophe Pazzaglia (SAP - BDVe) and Richard Stevens (IDC - e-SIDES), included a panel discussion with representatives from PAPAYA, SPECIAL and My Health My Data projects.
SAP Cloud for Energy Webinar Series Part 1 - Patric Dahse
In this webinar series we will present an overview of how Cloud for Energy can improve your Utilities Landscape. We will also reveal never before seen previews of how your transformed landscape could look like.
Join us to discuss:
- SAP's Investment Focus Topics for Utilities
- SaaS Portfolio as an alternative for S/4HANA for Utilities on Premise
- The SAP Cloud for Energy Solution
- Demo: Mock-up of UI for Meter Data Specialist
The GDPR places high demands on the handling of personal data. The first step is to identify the personal data in your systems. This can be difficult, especially in an SAP Business Warehouse that contains custom developments alongside standard content objects. Natuvion presents a way to determine the personal data in the system. Register for our next webinar: https://attendee.gotowebinar.com/register/482810243902567682
Webinar with TakeASP: De-personalization - Patric Dahse
For certain business processes, the GDPR requires a different approach to handling personal data in SAP test, demo and development systems. In our webinar, SAP and data protection expert Patric Dahse of Natuvion and attorney Benjamin Spies of SKW Schwarz guide you through this important topic.
Use our webinar to get clear and understandable answers to the specific questions that concern you regarding de-personalization in SAP systems.
You can watch our webinar here: https://register.gotowebinar.com/recording/2858737223737704193
How do processes in the company really run? How is purchasing actually practiced? - Patric Dahse
Turn on the Lights: Celonis Process Mining uses the digital footprints in your IT systems to give you 100% transparency over your business processes. Learn more in our webinar!
Improve Data Protection and Compliance with UI-Level Logging and Masking - Patric Dahse
For more info about how Natuvion can help with GDPR, visit us on our site: https://natuvion-gdpr.com/
This session highlights two solutions from SAP that can help you increase protection from data theft, and support corporate efforts to comply e.g. with General Data Protection Regulation (GDPR).
Discover how you can benefit from enhanced data access logging and field masking, see the systems in action and get answers to questions around prerequisites, implementation, and operation!
UI-based data protection | SAP UI Logging & Masking (German) - Patric Dahse
In this webinar you will gain insight into two solutions from SAP that can increase protection against data theft and help companies meet legal requirements such as those of the EU GDPR.
In addition to a product presentation and system demo, the product manager answers questions about requirements, implementation and possible uses of the solutions.
Data Security and Data Privacy: Read Access Logging - Patric Dahse
Being able to evaluate or uncover data protection violations or security gaps transparently and promptly is a functional necessity in a modern digital system landscape. The SAP Read Access Logging Framework (RAL) makes it possible to monitor and log access to sensitive data/fields within SAP system landscapes. Monitoring can take place at different levels and across different input channels. Access via the user interfaces as well as via services and function/program calls can be monitored.
Natuvion GmbH, an expert in SAP privacy and security, presents legally compliant, comprehensive and consistent pseudonymization of SAP system landscapes. Secondary SAP systems are usually a full copy of the production systems and consequently contain personal data, which in itself is a serious violation of the rules on the use of personal data under the European Union's General Data Protection Regulation (EU-GDPR). Under certain circumstances, the GDPR also applies to companies registered outside the European Union.
We offer you a certified software solution for consistent and legally compliant pseudonymization of individual SAP systems (for example IS-U, CRM, BW, HCM) as well as the entire SAP system landscape. In our webcast we will show you why data has to be anonymized and which functions deserve particular attention when choosing a solution.
Want to learn more? Then register for our webinar (online seminar)!
We look forward to your participation and a lively discussion.
Webcast Security & Data Privacy: Anonymization - Patric Dahse
We present a certified software solution for consistent and legally compliant pseudonymization of SAP systems and entire SAP system landscapes. In our webinar we show you why data has to be anonymized at all and which functions to look for when selecting a solution.
Doing Business in Europe? GDPR: What you need to know and do - Patric Dahse
General Data Protection Regulation (GDPR) will become effective on the 25th of May 2018. IT leaders are required to be compliant on that date but may not yet be aware of its consequences such as time-consuming investigations and hefty fines of over €20 million.
Considering the short preparation period and the broad changes resulting from the GDPR, this webinar provides 12 simple steps to discover how to inventory your SAP data repositories and safely process personal data so that you can begin to better scope your GDPR readiness project.
How is GDPR relevant for US companies Patric Dahse
GDPR Road-Map and Prioritization for SAP System Landscapes
Doing Business in Europe? EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. What you need to know and do by Friday, May 25, 2018.
Webcast No. 3 - Java Development with the SAP Cloud Platform - Patric Dahse
Developing cloud applications means understanding a large number of different tools that have become a de facto standard in recent years. In the second part of our four-part webinar series, we show you which of these tools are typically used.
Register now for our next webinar: https://attendee.gotowebinar.com/register/7160045394797243907
Webcast SAP Cloud Platform 2 - Developing Tools - Patric Dahse
Developing cloud applications means understanding a large number of different tools that have become a de facto standard in recent years.
In the second part of our four-part webinar series, we show you which of these tools are typically used.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! - SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Building RAG with self-deployed Milvus vector database and Snowpark Container... - Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Mind map of terminologies used in context of Generative AI
GDPR compliant data anonymization / pseudonymization
1. Data Security and Data Privacy
Natuvion Webcast (4) – Data Anonymization
Natuvion GmbH – 08.2017
2. AGENDA
- Natuvion
- Webcast Series Data Security and Data Privacy
- Data Security and Privacy Policy
- Fields of Action: Anonymization
- Anonymization Solutions TDA
- Contact
4. Since 2014, NATUVION supports customers with our experience and expertise in digitalization
- Founded in 2014 as an owner-managed consulting company specializing in utilities, transformation and security
- Office locations: Walldorf, Berlin, München, Vienna (AT), Philadelphia (US)
- Company size: > 55 Employees
- Expertise of consultants: > 75 % SAP certified & Ø 12 years Utilities and SAP
- SAP Gold Partner
- SAP Recognized Expertise in Utilities
- SAP Landscape Transformation
- Long-term partner of the largest energy suppliers in Germany
Services / Skills:
- Strategic IT-Management
- IT Consulting for Utilities Industry
- SAP Transformation & Data Services
- SAP Security & Data Privacy / Protection
- Business Intelligence / Analytics
Natuvion Gruppe
Success Factors:
- In-depth experience in implementation of DS-GVO / GDPR requirements
- Strategic partnership with SAP Data Protection and Privacy Development Teams – ILM / IRF / Consent
- Close & long-term partnership with IT / data protection law experts
- Complete understanding of the processes and requirements from a business, IT and data privacy perspective
- Own certified solutions specifically for consistent data erasure, information and anonymization
- Designated data protection and privacy expertise (solutions)
- Designated Transformation expertise
Relevant References:
- Conception & introduction of anonymization (IS-U / CRM)
- Group-wide roll-out of a system anonymization (CRM / IS-U / ERP / HCM)
- Selective data deletion (IS-U / CRM / ERP / BW)
- Deletion concept of DS-GVO / GDPR (SAP System landscape)
- IT and process concept conformity of affected persons rights according to DS-GVO / GDPR (Information and Transparency)
- System and data decommissioning with SAP ILM
- Concept and implementation information (SAP IRF)
Natuvion – Your specialist for the implementation and requirements of the GDPR / DS-GVO
Data Security and Data Privacy in SAP - Data Anonymization
5. Natuvion Webcasts
Overview of the webcast series "Data Security and Data Privacy"
The webcast series "Data Security and Data Privacy in SAP" offers an outstanding overview of the actions and implementation possibilities in accordance with the EU-GDPR / EU-DSGVO.
- Webcast 1 (1 hr.): EU-DSGVO / GDPR Onboarding. Legal overview and basic structuring of the fields of action (1 hour)
- Webcast 2 (45 min.): Deletion of Existing Historical Data. Consistent deletion of mass data in SAP system landscapes (30 minutes)
- Webcast 3 (45 min.): Simple Locking and Deletion. Overview and experiences with the introduction of SAP Information Lifecycle Management (30 minutes)
- Webcast 4 (45 min.): Anonymization / Pseudonymization. Background, challenges and implementation of a DSGVO / GDPR compliant anonymization
- Webcast 5 (30 min.): Data Reporting / Transparency. DSGVO / GDPR compliant data transfer from conception to implementation - SAP IRF
- Webcast 6 (45 min.): Consent / Approval. DSGVO / GDPR compliant approval concept and introduction – SAP CONSENT
- Webcast 7 (45 min.): Privacy Impact Assessment. How can PIAs be implemented and continue to exist?
8. Pressure to create data protection conformity persistently increases in the context of the new Data Protection Act.
§ Data Protection by May 2016 (Summary)
• Fines range from EUR 50.000 to 300.000 per violation (violations can be cumulated)
• Deletion: personal data acquired and processed for a particular purpose must be deleted as soon as the knowledge of this data is no longer required for that purpose.
• Information: The responsible body must provide the person concerned, on request and free of charge, with information on all stored data with reference to persons, recipients and the purpose of the storage.
§ Data Protection by May 2018 (Summary)
• (changed) Fines range up to the higher of 20 M€ or 4% of total worldwide annual turnover of affected companies.
• (new) Right to data portability (Art. 20 GDPR)
• (new) Privacy by Design and by Default (Art. 25 DS-GVO)
• (changed) 'Right to be forgotten' (Art. 17 GDPR) far exceeds the current right to deletion.
• (changed) Obligations regarding transparency and disclosure (Art. 12 – 15 GDPR) extend the current right to disclosure (e.g. www.selbstauskunft.net ).
• (new) Data Protection Impact Assessment (Privacy Impact Assessments, Art. 35 DS-GVO)
10. The use of personal data in energy management systems leads to four concrete fields of action.
Uses of personal data in energy management IT systems:
- Comprehensive real data in project / test and training systems: SAP test, training and/or project systems are built on a complete copy of the production system. Access to the data is possible at any time, in full or in part depending on the authorization.
- Historical data in productive systems: After the processing of data, contracts or service contracts, customer data is passed on to new service providers. The historical data remains current and in the respective production systems.
- Extensive database of process execution: Processes for acquisition and contract processing generate data. The use of this data is legitimate for the respective purpose. After the process has been completed, the data is still available without restriction.
- Customer requests to provide information: Requests for information about the affected persons concerning the storage and processing of their personal data. Information is currently available as a manual process and information can only be provided with high effort and usually not in the legally prescribed format.
Test and project system only with anonymous data
Personal data after expiration of legitimation to be deleted
Structured, IT-supported processing
Fields of Action:
(1) Anonymization training and testing system
(2) Delete historical data
(3) Lock and implement continuous data management
(4) Request for information about personal data
11. Example of Initial Situation
Initial example of actual IT process & system landscape
Historical data in productive systems
• After the processing of data, contracts or service contracts, customer data is passed on to new service providers.
• The historical data remains current and in the respective production systems.
Extensive database of process execution
• Processes for acquisition and contract processing generate data.
• The use of this data is legitimate for the respective purpose.
• After the process has been completed, the data is still available without restriction.
Customer requests to provide information
• Requests for information about the affected persons concerning the storage and processing of their personal data.
• Information must be provided in a structured, electronic form with the following specifics: the place, the reason and the recipient, as well as the duration of the storage / deletion criteria.
Comprehensive real data in project / test and training systems
• SAP test, training and/or project systems are built on a complete copy of the production system.
• Extensive access to data is possible.
[Figure: example IT process and system landscape for the fields of action 1 to 4, with the markers "(1) To be implemented", "(2) To be implemented" and "(3) To be implemented". Panel titles: "Company codes in system with verified legitimation"; "Data surveys with legitimation to be verified (current year)" with the categories Change, Interested Persons and Inactive; "Req. for info. (§ 34 BDSG)"; "Supervision (§ 38 BDSG)"; "Real data in secondary system (access restricted / data anonymized)" with the levels Extensive, Limited and Anonym.; label "475.000 Customers".]
* Number of inquiries across all service providers currently cannot be determined
* Change = Rejected bills of exchange and storage of data
12. On the way to data privacy compliance?
Anonymization / pseudonymization
Why does data need to be anonymized / pseudonymized?
(1) Project / Test System
• Project / test systems are built as a copy of the productive system.
• The authorization structure in this system is usually not very strict.
• Both internal and external employees have extensive access to data and processes.
• Technical data access / direct database access is often possible.
(2) Training System
• Training systems are built as a copy of the productive system.
• The authorization structure in this system is usually mediocre, depending on the training.
• Usually only internal employees are trained.
• Technical access to the data is usually not possible.
(3) Quality System
• Quality assurance systems are built as a copy of the productive system.
• The authorization structure in this system is usually very strict.
• Usually, internal employees have access to these systems.
• Technical access to the data is usually not possible.
[Risk diagram: the three systems (1, 2, 3) plotted by Probability and Damage Potential]
13. Personal data may not be used for a test execution of IT software.
Comprehensive real data in project, test and training systems
"[..] Software and IT procedures are to be checked with systematically developed case constellations (test data, no personal data) according to a test plan, from which the desired result emerges. Mass tests can, if necessary, be carried out with anonymized original data after approval and specifications of the competent authority. The approval of the responsible authority for the anonymization of original data and all test results must be documented in a revision-proof manner."
(Source: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/_content/m/m02/m02509.html, IT Baseline Protection Catalogs, 13. EL on 2013, M 2.509)
In SAP test or project systems, no personal data may be held. All test procedures must be carried out with anonymous data.
[Figure: Sample of SAP System Landscape, showing SAP CRM and SAP ERP / IS production, development and test systems, plus project, training and sandbox systems for CRM and ERP (IS-U)]
15. Challenges & Solutions
Known challenges in pseudonymization
Common Challenges
• Networked Systems: Coherent systems must also have a synchronized database after pseudonymization.
• Completeness: The pseudonymization must take all personal data into account (including customer developments and add-ons).
• Speed: The performance of a system changeover / anonymization is the deciding factor for feasibility. The pseudonymization must have no noticeable influence on the established processes.
• Sustainability & Complexity: An SAP system landscape is subject to constant change. Data structures are modified and new data structures are added which may contain data with a person reference.
• External Systems / Interfaces: Interfaces to non-SAP systems require increased attention in the context of pseudonymization. Problems can arise here in the testability / functionality of the processes.
Solutions
TDMS (SAP SE)
• Rule-based data scrambling
• Single systems can be pseudonymized or anonymized.
• Central control via a control system possible (SOLMAN)
TDA (Natuvion)
• Rule-based pseudonymization
• System landscapes or individual systems can be selectively or completely pseudonymized.
• Templates for ERP / CRM / HCM / IS-U
• Central control of any SAP system
EDA (Natuvion)
• Rule-based pseudonymization and anonymization
• Individual systems can be selectively pseudonymized or anonymized.
• Templates for IS-U / CRM
• Central control of any SAP system
16. Scope of Anonymization
Example of anonymization SAP ERP-IS-U / CRM
[Chart: relevant fields with personal data in ERP and CRM; legend: Standard, Customer]
Master Data, Transaction Data, Customer-specific Developments:
• Names: Replace (rule-based, blend, generate, delete)
• Bank details: Substitute (rule-based, generation, mixing of business customers, deletion)
• Date of Birth: Generate (rule-based, setting of ranges, deletion)
• Addresses: Centralized, overlapping address assignment
• Communication Structures: Replace (rule-based, blend, generate, delete)
• Service Provider: Replace (rule-based, blend, generate, delete)
• SEPA-Mandates: Consistent adaptation to the master data
• Returns/Repayment Request: Consistent adaptation to the master data
• Payment Lot: Consistent adaptation to the master data
• Payment Program: Consistent adaptation to the master data
• CRM-Activities and IS-U Contacts
• Automated content-dependent search of data fields with reference to a person
• Integration of these fields into rule-dependent field modification
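An added example (not Natuvion's TDA code and not from the original slides) of rule-based pseudonymization that stays consistent across connected systems, as the challenges and scope slides describe: a keyed HMAC makes each field rule deterministic, so ERP, CRM and dependent SEPA mandate records receive the same replacement values. The sample records, field names, name value table and key are constructed assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample data: one business partner held in two connected systems.
ERP_PARTNERS = [{"partner": "0000100234", "name": "Erika Mustermann",
                 "birth": date(1975, 4, 12), "iban": "DE89370400440532013000"}]
CRM_PARTNERS = [{"partner": "0000100234", "name": "Erika Mustermann",
                 "birth": date(1975, 4, 12)}]
SEPA_MANDATES = [{"mandate": "M-0001", "partner": "0000100234",
                  "iban": "DE89370400440532013000"}]
NAME_TABLE = ["Anna Beispiel", "Jan Muster", "Lena Probe", "Tom Test"]  # constructed value table

def _digest(secret, rule, value):
    """Keyed, deterministic integer for a (rule, original value) pair."""
    mac = hmac.new(secret, f"{rule}|{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")

def pseudo_name(secret, name):
    return NAME_TABLE[_digest(secret, "name", name) % len(NAME_TABLE)]

def pseudo_birth(secret, birth, max_shift_days=365):
    """Generate a date within +/- max_shift_days of the original."""
    span = 2 * max_shift_days + 1
    offset = _digest(secret, "birth", birth.isoformat()) % span - max_shift_days
    return birth + timedelta(days=offset)

def pseudo_iban(secret, iban):
    """Generate a German-format IBAN with valid ISO 13616 check digits."""
    bban = f"{_digest(secret, 'iban', iban) % 10**18:018d}"
    check = 98 - int(bban + "131400") % 97  # "DE00" appended as D=13, E=14, 00
    return f"DE{check:02d}{bban}"

def iban_is_valid(iban):
    """Mod-97 check: move the first four characters to the end, map letters to numbers."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

RULES = {"name": pseudo_name, "birth": pseudo_birth, "iban": pseudo_iban}

def pseudonymize(rows, secret):
    """Apply the rule for each field that has one; keys such as 'partner' stay, so joins still work."""
    return [{k: RULES[k](secret, v) if k in RULES else v for k, v in row.items()}
            for row in rows]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: one secret held by the central control system
    for table in (ERP_PARTNERS, CRM_PARTNERS, SEPA_MANDATES):
        print(pseudonymize(table, key))
```

Because every rule is deterministic under the key, this is pseudonymization rather than anonymization: anyone holding the key can recompute the mapping from known originals, so the key should not be present on the test systems.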
17. Test Data Anonymization (TDA)
Natuvion’s Solution: Overview
Key Features of the Solution
• Quickly supply test systems with anonymized data
• Comprehensive pseudo/full anonymization on ABAP-based systems
• Anonymization of non-SAP solutions (databases) possible
• Use of value tables for using real values
• Extremely high conversion performance (e.g. 14 million partners within 8 hours)
• Supply data across system boundaries, to ensure the consistency of the transferred data at all times
• Economically & legally certified solution
• Compatible with NW 7.0 systems and up
• Distinctive data models for ERP / IS-U / FI-CA / CRM / HCM / BW
18. TDA – Test Data Anonymization
Practical Demonstration of a Pseudonymization
[Screenshots labeled: Selection, Transformation, Application perspective, Administration perspective, Data before the anonymization, Data after the anonymization]
19. TDA – Test Data Anonymization
Practical Demonstration of a Pseudonymization
Connected System
The data anonymization can be performed centrally from one system for all connected systems synchronously, or on each system asynchronously.
Customer-Specific Developments
All personal data must be taken into account. This also affects proprietary developments and add-ons.
Sustainability
The permanent changes to the system landscape / data structures must be taken into account in the solution without carrying out continuous development activities. Storage tables can be supplemented easily and flexibly.
Performance
System anonymization within a quality or test system must be achievable in a minimum runtime frame.
[Diagram: connected data objects in ERP and CRM, including contract, partner and activity]
20. Introduction TDA
The implementation of the solution can be carried out in a short and manageable project framework.
Typical Phases of Implementation
Phases: Concept (Scope), Test Position (Test Environment), Individualization (Tailoring your solution), GoLive (Start of Regular Operation), Support (Support Contract)
• Introduction Data anonymization in the FB and record additional requirements if necessary
• Survey of relevant process, authorization or UI adjustments
• Delivery of transport orders
• Carry out the necessary standard customizing
• Create rules and variants
• Display of additional functions / selection features
• Customizing as a coaching approach
• Development of customer-driven developments / tables
• Adaptation of variants
• Test management
• Test execution
• Key user training
• End user training
• Going live
• Stabilization
• Certification of §9 BDSG (optional)
• Adhoc-Support
• Support for additional product extensions
• Technical release updates
• Updates for new features
Effort: 2 - 3 PT, 5 PT, 10 – 15 PT, 5 PT, Support Contract
Effort: 2 - 3 PT, 3 PT, 3 - 2 PT, 3 PT, ----
Project Duration: 6 – 10 Weeks / 12 - 24 Months
22. Natuvion GmbH
Altrottstraße 31 | 69190 Walldorf
Phone +49 6227 73-1400
Fax +49 6227 73-1410
www.natuvion.com
We look forward to answering your questions and concerns!
Patric Dahse
Managing Director
Phone: +49 151 171 357 02
Mail: patric.dahse@natuvion.com
Visit us on our website!
Data Protection & Privacy
www.professional-system-security.com/
Natuvion
www.natuvion.com/