GDPR compliant data anonymization / pseudonymization

Data Security and Data Privacy
Natuvion Webcast (4) – Data Anonymization
Natuvion GmbH – 08.2017

AGENDA
Natuvion
Webcast Series Data Security and Data Privacy
Data Security and Privacy Policy
Fields of Action: Anonymization
Anonymization Solutions TDA
Contact
2

AGENDA
Natuvion
Contact
3

Since 2014, NATUVION supports customers with our experience and expertise in
digitalization
4
Founded in 2014 as an owner-managed consulting company
specializing in utilities, transformation and security
Office locations: Walldorf, Berlin, München, Vienna(AT),
Philadelphia(US)
Company size: > 55 Employees
Expertise of consultants: > 75 % SAP certified & Ø 12 years Utilities and
SAP
SAP Gold Partner
SAP Recognized Expertise in Utilities
SAP Landscape Transformation
Long-term partner of the largest energy suppliers in Germany
Services / Skills
 Strategic IT-Management
 IT Consulting for Utilities Industry
 SAP Transformation & Data Services
 SAP Security & Data Privacy / Protection
 Business Intelligence / Analytics
Natuvion Gruppe
In-depth experience in
implementation of DS-GVO / GDPR
requirements
Strategic partnership with SAP Data
Protection and Privacy
Development Teams – ILM / IRF /
Consent
Close & long-term partnership with
IT / data protection law experts
Complete understanding of the
processes and requirements from a
business, IT and data privacy
perspective
Own certified solutions specifically
for consistent data erasure,
information and anonymization
Designated data protection and
privacy expertise (solutions)
Designated Transformation
expertise
Success Factors
Conception & introduction of
anonymization (IS-U / CRM)
Group-wide roll-out of a system
anonymization (CRM / IS-U /
ERP / HCM)
Selective data deletion (IS-U /
CRM / ERP / BW)
Deletion concept of DS-GVO /
GDPR (SAP System landscape)
IT and process concept
conformity of affected persons
rights according to DS-GVO /
GDPR (Information and
Transparency)
System and data
decommissioning with SAP ILM
Concept and implementation
information (SAP IRF)
Relevant References
Natuvion – Your specialist for the implementation and requirements of the GDPR / DS-GVO
Data Security und Data Privacy in SAP - Data Anonymization

Natuvion Webcasts
Overview of the webcast series „Data Security and Data Privacy"
Data Security und Data Privacy in SAP - Data Anonymization5
1
1 hr.
The webcast series „Data Security and Data Privacy in SAP“ offers an outstanding overview of the actions and
implementation possibilities in accordance to the EU-GDPR / EU-DSGVO.
EU-DSGVO/ GDPR Onboarding
Legal overview and basic structuring of the fields of
action (1 hour)
2
45 min.
Deletion of Existing Historical Data
Consistent deletion of mass data in SAP system
landscapes (30 minutes)
3
45 min.
Simple Locking and Deletion
Overview and experiences with the introduction of
SAP Information Lifecycle Management (30 minutes)
4
45 min.
Anonymization / Pseudonymization
Background, challenges and implementation of a
DSGVO / GDPR compliant anonymization
5
30 min.
Data Reporting / Transparency
DSGVO / GDPR compliant data transfer from
conception to implementation - SAP IRF
6
45 min.
Consent / Approval
DSGVO / GDPR complient approval concept and
introduction – SAP CONSENT
7
45 Min.
Privacy Impact Assessment
How can PIAs be implemented and continue to exist?

Natuvion Webcasts
Overview of the webcast series „Data Security and Data Privacy"
1
1 hr.
The webcast series „Data Security and Data Privacy in SAP“ offers an outstanding overview of the actions and
implementation possibilities in accordance to the EU-GDPR / EU-DSGVO.
EU-DSGVO/ GDPR Onboarding
Legal overview and basic structuring of the fields of
action (1 hour)
2
45 min.
Deletion of Existing Historical Data
Consistent deletion of mass data in SAP system
landscapes (30 minutes)
3
45 min.
Simple Locking and Deletion
Overview and experiences with the introduction of
SAP Information Lifecycle Management (30 minutes)
4
45 min.
Anonymization / Pseudonymization
Background, challenges and implementation of a
DSGVO / GDPR compliant anonymization
5
30 min.
Data Reporting / Transparency
DSGVO / GDPR compliant data transfer from
conception to implementation - SAP IRF
6
45 min.
Consent / Approval
DSGVO / GDPR complient approval concept and
introduction – SAP CONSENT
7
45 min.
Privacy Impact Assessment
How can PIAs be implemented and continue to exist?

AGENDA
Natuvion
Contact
7

Pressure to create data protection conformity persistently increases in the context of the
new Data Protection Act.
8 Data Security und Data Privacy in SAP - Data Anonymization
 Fines range from EUR 50.000 to 300.000 per
violation (violations can be cumulated)
 Deletion of personal data acquired and processed
for a particular purpose must be deleted as soon
as the knowledge of this data is no longer required
for that purpose.
 Information: The responsible body must provide
the person concerned, on request and free of
charge, with information on all stored data with
reference to persons, recipients and the purpose
of the storage.
• (changed) Fines range up to the higher of 20 M€ or 4% of total
worldwide annual turnover of affected companies.
• (new) Right to data portability (Art. 20 GDPR)
• (new) Privacy by Design and by Default (Art. 25 DS-GVO)
• (changed) ‘Right to be forgotten’ (Art. 17 GDPR) far exceeds the
current right to deletion.
• (changed) Obligations regarding transparency and disclosure (Art.
12 – 15 GDPR) extend the current right to disclosure (e.g.
www.selbstauskunft.net ).
• (new) Data Protection Impact Assessment (Privacy Impact
Assessments, Art. 35 DS-GVO)
§ Data Protection by May 2016 (Summary) § Data Protection by May 2018 (Summary)

AGENDA
Natuvion
Contact
9

The use of personal data in energy management systems leads to four concrete fields of
action.
Uses of personal data in energy management IT systems:
Fields of Action
Comprehensive real data in
project / test and training
systems
Historical data in productive
systems
Extensive database of process
execution
SAP Test, Training and/or project
systems are built on a complete
copy of the production system.
The access to data is possible at
any time fully and partially
depending on the authorization.
After the processing of data,
contracts or service contracts,
customer data is passed on to new
service providers.
The historical data remains current
and in the respective production
systems.
Processes for acquisition and
contract processing generate data.
The use of this data is legitimate for
the respective purpose.
After the process has been
completed, the data is still available
without restriction
Test and project system only
with anonymous data
Personal data after expiration of legitimation to be deleted
Anonymization training and
testing system
Delete historical data
Lock and implement
continuous data managment
1
Customer requests to provide
information
Requests for information about the
affected persons concerning the
storage and processing of their
personal data.
Information is currently available as
a manual process and information
can only be provided with high
effort and usually not in the legally
prescribed format.
Structured, IT-supported
processing
2 3 Request for information
about personal data
4

Example of Initial Situation
Initial example of actual IT process & system landscape
11
Historical data in productive
systems
After the processing of data,
contracts or service contracts,
customer data is passed on to new
service providers.
The historical data remains current
and in the respective production
systems.
Extensive database of
process execution
Processes for acquisition and
contract processing generate data.
The use of this data is legitimate
for the respective purpose.
After the process has been
completed, the data is still
available without restriction
Customer requests to provide
information
Requests for information about the
affected persons concerning the
storage and processing of their
personal data.
Information must be provided in a
structured, electronic form with the
following specifics; the place, the
reason and the recipient as well as
the duration of the storage / deletion
criteria.
Comprehensive real data in
project / test and training
systems
SAP Test, Training and/or project
systems are built on-a complete
copy of the production system.
Extensive access to data is
possible.
 (1) To be implemented
6
4
3
1
Company codes in system
with verified legitimation
77.000
4.200.000
ChangeInterested Persons Inactive
1.150.000
400
With
supervision
Critical
Currently
aabout. 120 p.a.
Access – dark figure
Data surveys with legitimation to be
verified
(Current year)
Req. for info. (§ 34 BDSG)
Supervision (§ 38 BDSG)
* Number of inquiries across all service providers currently
can not be determined
* Change = Rejected bills of exchange and storage of data
1 2 3 4
Companies
Real data in secondary system
(Access restricted / restricted access / data
anonymized)
16
4
2
475.000 Customers
Extensive Limited Anonym.

On the way to data privacy compliance?
Anonymization / pseudonymization
Why does data need to be anonymized / pseudonymized?
Risk
( 1 )
Project- / Test System
( 3 )
Quality System
( 2 )
Training System
• Project / test systems are built as a copy of the productive system.
• The authorization structure in this system is usually not very strict.
• Both internal and external employees have extensive access to data and processes.
• Technical data access / direct database access is often possible.
• Training systems are built as a copy of the productive system.
• The authorization structure in this system is usually mediocre, depending on the training.
• Usually only internal employees are trained.
• Technical access to the data is usually not possible.
• Quality assurance systems are built as a copy of the productive system.
• The authorization structure in this system is usually very strict.
• Usually, internal employees have access to these systems.
• Technical access to the data is usually not possible.
Probability
DamagePotential
2
3
1

Personal data may not be used for a test execution of IT software.
Comprehensive real data in project, test and training systems
"[..] Software and IT procedures are to be checked
with systematically developed case constellations
(test data, no personal data) according to a test plan,
from which the desired result emerges.
Mass tests can, if necessary, be carried out with
anonymized original data after approval and
specifications of the competent authority.
The approval of the responsible authority for the
anonymization of original data and all test results
must be documented in a revision-proof manner.
Source: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/
Inhalt/_content/m/m02/m02509.html
IT Baseline Protection Catalogs
13. EL on 2013, M 2.509):
13
In SAP test- or project systems, no personal data may be held. All
test procedures must be carried out with anonymous data.
SAP CRM
Production
CRM
SAP
ERP / IS
Production
ERP
SAP CRM
Devel.
CRM
SAP
ERP / IS
Devel.
ERP
SAP CRM
Test
CRM
SAP
ERP / IS
Test
ERP
Project-
system
CRM
Training-
system
CRM
Project-
system
ERP
Training-
system
IS-
UER
P
Sandbox-
system
CRM
Sandbox-
system
ERP
Sample of SAP System Landscape

AGENDA
Natuvion
Contact
14

Challenges & Solutions
Known challenges in pseudonymization
Common Challenges Solutions
Networked Systems
Coherent systems must also have a synchronized database after pseudonymization.
Completeness
The pseudonymization must take all personal data into account (customer
developments and add-ons).
Speed
The performance of a system changeover / anonymization is based on the deciding
factor of feasibility. The pseudonymization must have no noticeable influence on the
established processes.
Sustainability & Complexity
An SAP system landscape is subject to constant change. Data structures are modified
and new data structures are added which may contain data with a person reference.
External Systems / Interfaces
Interfaces to non-SAP systems are subject to increased attention in the context of
pseudonymization. At this point, problems can arise in the testability / functionality of
the processes.
TDMS
(SAP SE)
TDA
(Natuvion)
EDA
(Natuvion)
 Rule-based data scrambling
 Single systems can be pseudonymized or
anonymized.
 Central control via a control system possible
(SOLMAN)
 Rule-based pseudonymization
 System landscapes or individual systems can be
selectively or completely pseudonymized.
 Templates for ERP / CRM / HCM / IS-U
 Central control of any SAP system
 Rule-based pseudonymization and anonymization
 Individual systems can be selectively
pseudonymized or anonymized.
 Templates for IS-U / CRM
 Central control of any SAP system

Scope of Anonymization
Example of anonymization SAP ERP-IS-U / CRM
0
20
40
60
80
100
120
140
160
180
200
ERP CRM
Relevant fields with personal
data
Standard Customer
Stammdaten Transaction Data Customer-specific Developments
 Names
Replace Rule-based, Blend, Generate,
Delete
 Bank details
Substitute Rule-based, generation, mixing
of business customers, deletion
 Date of Birth
Generate Rule-based, setting of ranges,
deletion
 Addresses
Centralized, overlapping address
assignment
 Communication Structures
Delete
 Service Provider
Delete
 SEPA-Mandates
Consistent adaptation to the master data
 Returns/Repayment Request
 Payment Lot
 Payment Program
 CRM-Activities and IS-U Contacts
 Automated content-dependent
search of data fields with reference
to a person
 Integration of these fields into rule-
dependent field modification

Test Data Anonymization (TDA)
Natuvion’s Solution: Overview
Key Features of the Solution Quickly supply test systems with anonymized data
Comprehensive pseudo/full anonymization on ABAP-based
systems
Anonymization of non SAP solutions (databanks) possible
Use of value tables for using real values
Extremely high conversion performance (e.g. 14 Mil. Partners
within 8 Hrs.)
Supply data across system boundaries, to ensure the consistency
of the transferred data at all times
Economically & legally certified solution
Compatable with NW 7.0 systems and up
Distinctive data models for ERP / IS-U / FI-CA / CRM / HCM / BW

TDA – Test Data Anonymization
Practical Demonstration of a Pseudonymization
Selection
Transformation
Application perspective
Administration perspective
Data before the anonymization
Data after the anonymization
?

The data anonymization can be
performed centrally from one system
for all connected synchronously or on
each system asynchronously.
TDA – Test Data Anonymization
Practical Demonstration of a Pseudonymization
Connected System
Customer-Specific
Developments
All Personal data must be taken into
account. This also affects proprietary
developments and add-ons.
Sustainability
The permanent changes to the
system landscape / data structures
must be taken into account in the
solution without carrying out
continuous development activities.
Storage tables can be supplemented
easily and flexibly.
Performance
System anonymization within a
quality or test system must be
achievable in a minimum runtime
frame.
…
Vertrag
Aktivität
PartnerReleati. Connec.
Act.
…
… … …
ERP CRM

Introduction TDA
The implementation of the solution can be carried out in a short and manageable project framework.
Concept Test Position Individualization GoLive Support
 Introduction Data
anonymization in the FB and
record additional
requirements if necessary
 Survey of relevant process,
authorization or UI
adjustments
 Delivery of transport orders
 Carry out the necessary
standard customizing
 Create rules and variants
 Display of additional functions
/ selection features
 Customizing as a coaching
approach
 Development of customer-
driven developments / tables
 Adaptation of variants
 Test management
 Test execution
 Key user training
 End user training
 Going live
 Stabilization
 Certification of §9 BDSG
(optional)
 Adhoc-Support
 Support for additional
product extensions
 Technical release updates
 Updates for new features
2 - 3 PT 5 PT 10 – 15 PT 5 PT Support Contract
Project Duration: 6 – 10 Weeks 12 - 24 Months
2 - 3 PT 3 PT 3 - 2 PT 3 PT ----
Scope Test Environment Tailoring your solution Start of Regular Operation Support Contract
Typical Phases of Implementation

AGENDA
Natuvion
Contact
21

Natuvion GmbH
Altrottstraße 31 | 69190 Walldorf
Fon +49 6227 73-1400
Fax +49 6227 73-1410
www.natuvion.com
We look forward to answering your questions and concerns!
Patric Dahse
Managing Director
Phone: +49 151 171 357 02
Mail: patric.dahse@natuvion.com
Visit us on our website!
Data Protection & Privacy
www.professional-system-security.com/
Natuvion
www.natuvion.com/

GDPR compliant data anonymization / pseudonymization

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to GDPR compliant data anonymization / pseudonymization

Similar to GDPR compliant data anonymization / pseudonymization (20)

More from Patric Dahse

More from Patric Dahse (20)

Recently uploaded

Recently uploaded (20)

GDPR compliant data anonymization / pseudonymization

Editor's Notes