The European Parliament approved the General Data Protection Regulation (the "GDPR") on Thursday, 14 April 2016. The GDPR will become effective for all companies processing personal data of EU citizens on May the 28th 2016.
Failure to comply with the GDPR may result in enforcement actions under the GDPR, including possible fines up to the greater of € 20 million or 4% of annual global turnover.
How is this related to SAP data?
Most organizations using SAP store privacy-relevant data in their SAP systems (think of personal data related to customers, vendors, business partners, employees, applicants, patients, etc.).
Many data privacy officers are aware of the new EU GDPR and are looking for instruments and know-how to translate and apply data privacy measures to SAP data.
The attached presentation gives you some basic insight on how to handle personal and sensitive data in SAP systems.
The GDPR is all about how to govern and manage your privacy-relevant data in SAP systems. Many companies are struggling to adapt and align their (SAP) information governance and practical information management activities with the GDPR legislation.
Read this GDPR presentation, presented for the Dutch SAP user group, to learn more about some of the practical governance and management activities you can prepare for SAP systems in order to comply with the GDPR.
Webinar: GDPR: How to build a data protection framework Leigh Hill
Are you ready for the General Data Protection Regulation (GDPR)?
With the GDPR deadline less than two years away, the pressure is on for organizations to understand how they will comply. Proper data management is part of the answer, but tying these efforts into a data governance framework to manage data protection is key to meeting – and sustaining – GDPR compliance.
In this webinar we will discuss:
-What GDPR is and the impact it has on data management
-Why a sustainable framework is key to getting GDPR right
-The five steps to establishing a data protection framework
-How to ensure ongoing compliance
The European General Data Protection Regulation (GDPR) will come into effect in May 2018 and it will impact all organizations that store or process personal data of EU citizens. The European Commission is exporting European data protection principles to the rest of the world while widening the definition of personal data and enforcing privacy by design. These changes will not only have an impact on the organizations but also on the software which is used for data processing. How does it affect the Hadoop ecosystem?
Distributed data processing at scale is one of Hadoop’s core features and we will explore how the GDPR could potentially affect it. We will also take a look at the technical aspects of the rights of data subjects and see if and how we can address those, with a particular focus on open-source technologies.
This talk will give you an overview of the key themes of the GDPR including the rights of the data subject and will investigate the technical implications for data processing within the Hadoop ecosystem.
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, join Dean Evans, Satori Consulting, to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness, including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Ensuring GDPR Compliance - A Zymplify Guide Zymplify
The GDPR will come into force on 25 May 2018 and will change data protection laws across the EU. Organisations can face heavy fines if they are found to be in breach of the GDPR, so take a look at Zymplify's guide to the most important parts of the regulation. Act now to get ready for the GDPR. Book a Demo with Zymplify - http://d36.co/12vWD
GDPR: Is Your Organization Ready for the General Data Protection Regulation? DATUM LLC
The new European GDPR privacy regulations will significantly impact data governance for multinational companies worldwide. This presentation introduces GDPR, its implications, and a six step process for compliance. In May of 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect and the fines associated with non-compliance are significant with as much as 4% of global sales.
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu... ObservePoint
This guide will educate you on what GDPR is, who it applies to and what you should do about it in seven steps. As you read through, make some notes about who you feel should be responsible for each step so you can get the ball rolling with each team member.
Building the Governance Ready Enterprise for GDPR Compliance Index Engines Inc.
The EU General Data Protection Regulation (GDPR) fundamentally changes how organizations manage personal data, giving citizens the right to access, rectify, erase, restrict, and migrate their personal content existing in any data center that does business in the European Union.
Index Engines' technology delivers extensive search and management solutions that empower you to find all personal data under management with considerable precision and meet or exceed the requirements of the regulation through implementation of powerful indexing technology. Index Engines supports all classes of data from primary storage to legacy backup data.
Building the Governance Ready Enterprise for GDPR Compliance December 2017 Index Engines Inc.
The EU General Data Protection Regulation (GDPR) fundamentally changes how organizations manage personal data, giving citizens the right to access, rectify, erase, restrict, and migrate their personal content existing in any data center that does business in the European Union.
Index Engines' technology delivers extensive search and management solutions that empower you to find all personal data under management with considerable precision and meet or exceed the requirements of the regulation through implementation of powerful indexing technology. Index Engines supports all classes of data from primary storage to legacy backup data.
Your Worst GDPR Nightmare - Unstructured Data DATAVERSITY
There’s no question that organizations across the globe are ramping up their efforts to prepare for the EU’s expansive General Data Protection Regulation. In a recent Veritas survey, over 92% of organizations admitted some degree of preparation, yet only 53% are confident they will be GDPR-ready when the go-live date hits in May 2018. Most organizations are launching their readiness efforts focused on structured data—the data they are most familiar with and have the most control over. The problem is that structured data only makes up one-fifth of all the data in a typical enterprise environment…what are these organizations going to do about the other 80% of unstructured data?
GDPR (and the stiff penalties that come with it) is the forcing mechanism that will finally drive organizations to take a proactive governance posture when it comes to unstructured data. This session will explore the key steps required for accelerating GDPR readiness by locating, searching, minimizing, protecting, and monitoring unstructured data. By attending this session, you will learn best-practices for staying off the regulator’s hit list and establishing the most effective workflows for ensuring ongoing unstructured data compliance.
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance IDERA Software
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/tLtr50A5b4b
The General Data Protection Regulation (GDPR) is inevitable and goes live in the EU beginning May 25th 2018. It touches all technical and organizational measures as well as the design of internal systems and processes, and affects all companies around the world that have customers in the EU.
Join IDERA and Dr. Sultan Shiffa as he focuses on how data modeling, governance and collaboration help Executives, IT Managers, Architects, DBAs and Developers tackle the key challenges around data protection by design and by default, individual rights to access and erasure, valid consent, data protection roles and accountabilities, data breach notifications, and auditing the records of data processing activities. This session will also explore best practices and examples for how to master those challenges and assess the data protection impact. After this session, you can be prepared to become GDPR compliant ahead of the deadline and beyond.
Everything you Need to Know about The Data Protection Officer Role HackerOne
Data privacy and security expert, Debra Farber, presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world who process the personal data of EU residents will be required by law to appoint an independent DPO who has specific responsibilities and data protection knowledge.
Supporting GDPR Compliance through Data Classification Index Engines Inc.
The GDPR consists of 99 articles that mandate how data is to be handled, but how do you manage years of data on various platforms?
Index Engines gives organizations the ability to leverage metadata to enforce governance policies across their data centers. Using high-level buckets, classifying and tagging relevant data, the process of protecting the content will be simplified.
http://www.indexengines.com/ediscovery-governance/solutions-for/gdpr-compliance
GDPR From the Trenches - Real-world examples of how companies are approaching... Ardoq
As GDPR enforcement approaches, companies around the world are making changes to their internal processes and systems to ensure they are compliant by May 2018. For many, getting started can be a daunting task, especially at larger organizations.
There’s no one-size-fits-all strategy for GDPR compliance, but there are some steps that every business should take:
1. Document the data and processes that power your organization
2. Assess the realistic compliance risks that you need to protect against
3. Keep your documentation up-to-date to demonstrate continuous compliance.
In this slide deck, you’ll read about a real-world example of a company that has started their compliance project and how they structured it.
A recording of this webinar is available for free here: http://bit.ly/2hMsQmu
25 May 2018, the General Data Protection Regulation (GDPR) deadline, is less than 6 months away.
With attention on the regulation at its peak, there is now growing concern for any organization that is affected by it.
We would like to invite you to join our webinar, where we will share our approach and help your organization and your document repository become compliant with GDPR.
During the webinar, our special guests, George Parapadakis – Business Solutions Strategy, Alfresco and Bart van Bouwel – Managing Partner, CDI-Partners, will provide you with:
- How to implement GDPR in your document repository
- How the Alfresco Digital Business Platform can help your organization to be compliant with GDPR
- Xenit approach: a managed shared drive
- Xenit demonstration
- Top tips to start preparing for the GDPR.
Keep Calm and Comply: 3 Keys to GDPR Success Sirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IOT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Presentation on key legal issues regarding use and developments of BOTs, AI - GDPR, Data Protection. Case study BRISbot. Presentation delivered at Epicenter 30 of May 2017 in partnership with BRIS and Microsoft.
GETTING GDPR-READY MEANS SETTING UP A PRIVACY MANAGEMENT SYSTEM, BEING ABLE TO SHOW IT AND KEEPING IT EFFECTIVE
A management system is a “living” entity which adapts to business context (new markets-products-services, M&A, demerge, law/policies changes, … ) and improves over time
Will you be ready to comply with new EU Data Protection Regulation in time? Per Norhammar
No time to lose to comply with the new EU Data Protection Regulation - deadline is May 2018
Soon you will have to find, evaluate and categorize your company’s stored Personal Data (PD) in what may be thousands of databases. In order to be compliant with this new regulation, in due time, new processes have to be in order.
How to Prepare Your SAP System for the New European Union General Data Protection Regulation. Learn how to change your practices within your SAP environment so that they comply with the new General Data Protection Regulation (GDPR) data privacy regulation.
As a general reference, the main transaction codes to access master data tables include:
• Create, change and display customers, prospects, and contact persons (XD0*, VD0*, VAP*) and reporting-related lists (S_ALR_87012179, S_ALR_87012180)
• Create, change, and display vendors (XK0*, MK0*) and reporting-related lists (S_ALR_87012086)
• Create, change, and display employee (PA10, PA20, PA30) and applicant (PB10, PB20, PB30) files
• Create and maintain bank master data (FI01, FI02, FI06) and business partners (BP, BUP1)
• Maintain general tables (SE11, SM30, SM31)
• Browse data (SE16) and display a table (SE16N)
The GDPR Compliance Primer has been prepared by the members of the IAB Europe GDPR Implementation Working Group, under the leadership of Improve Digital.
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to... Symantec
Learn if your organization will be impacted by the GDPR as well as what data processing tactics trigger compulsory requirements.
To watch this webinar on demand click here https://symc.ly/2GYzBjD.
Information is currency in the 21st century...Is your data enabling you to drive the right digital transformation in your organisation? - Jasmit Sagoo, CTO, Veritas
Check the 7 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018 and see how Mapp can support you on the way to GDPR compliance.
Please visit https://mapp.com/gdpr/ to find more information!
Artificial Intelligence - intersection with compliance. How AI principles work with compliance principles around data protection. AI and Compliance. AI - SYSC 13.7 - FCA Compliance. AI and regulation. AI and FCA regulation. AI and ICO regulation.
Dark Data Revelation and its Potential Benefits PromptCloud
This presentation covers benefits, use cases, practical examples, potential issues and the approach that needs to be taken when it comes to harnessing the power of dark data (a largely untapped strategic play in the big data realm).
Similar to Materializing dataprivacy in SAP - How? (20)
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23... John Andrews
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
Opendatabay - Open Data Marketplace.pptx Opendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Show drafts
volume_up
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. for more details visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Materializing dataprivacy in SAP - How?
1. May 10, 2016
Implementing data privacy measures in SAP
Nico J.W. Kuijper, D&IM Services
SAP Archiving, Information Lifecycle Management, ECM & (SAP) Data Privacy Consultant
Email: nico.kuijper@d-im-services.com - Phone: +31(0)20 615 82 89
Member of the International Association of Privacy Professionals
2. May 10, 2016 Page 1
Subject and scope of this presentation
This presentation is about data privacy seen in the context of SAP data.
A data privacy project covers many different legal, organizational and technical aspects - however
in this presentation we focus only on (some of the) SAP instruments and practices regarding the
enforcement of data privacy regulations (like the new EU GDPR) in SAP systems.
4. May 10, 2016 Page 3
Why is this topic relevant for SAP using companies?
On Thursday, 14 April 2016, the European Parliament adopted the General Data Protection Regulation (GDPR).
The GDPR comes into effect on 25 May 2018 and companies have 24 months to become GDPR compliant.
When you are using SAP systems you might be interested in what needs to be done to apply the new EU data
privacy laws to your SAP systems, in particular how to handle your SAP data according to the new data privacy law.
Official EU publication of the EU GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC
You can read the full legislative text of the EU GDPR here: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52012PC0011
5. May 10, 2016 Page 4
The risks of non-compliance with the EU GDPR
Not complying with the EU GDPR (General Data Protection Regulation) leads to significant fines
and compliance risks. The EU created two tiers of maximum fines for companies violating the
GDPR. The higher fine threshold is four percent of an undertaking’s worldwide annual turnover
or 20 million euros, whichever is higher. The lower threshold fine is two percent of an
undertaking’s worldwide annual turnover or 10 million euros, whichever is higher.
6. May 10, 2016 Page 5
What is considered privacy relevant information?
There are many elements of personal information.
Some examples are name, gender, age, date of
birth, marital status, citizenship, languages spoken,
veteran status, disabled status, IP address (some
jurisdictions), business and personal addresses,
phone numbers and email addresses, internal
identification numbers, credit card and bank account
numbers, government-issued identification numbers
(social security, drivers license numbers, etc.) and
identity verification information, etc.
It is important to remember business data elements
can be considered personal information as well.
“Personal data” is defined as “any information relating to an identified or identifiable natural person”
7. May 10, 2016 Page 6
The General Data Protection Regulation in short
The highlights of the EU GDPR are displayed above and require an update of your privacy program
On the next slides we focus on the translation of some of the GDPR articles to the SAP context
8. May 10, 2016 Page 7
The identification of personal data in SAP
The GDPR requires the designation of a data protection officer and the execution of DPIAs.
One of his/her tasks? Monitoring compliance with the GDPR and other data protection laws,
including managing internal data protection activities, training data processing staff, and conducting
internal audits. DPIAs (Data Privacy Impact Assessments) are used to identify potential privacy
issues, evaluate whether the benefits of a project outweigh its risks, implement privacy by design, and
conduct internal auditing for compliance with legal, regulatory, industry and organizational standards.
Do you know how to
identify, monitor and
audit the use of
personal data in SAP?
9. May 10, 2016 Page 8
Explicit consent for processing personal data in SAP
The GDPR requires explicit consent for the processing of (special categories of) personal data.
How to request or trigger
explicit consent regarding
personal data (to be)
processed in SAP?
10. May 10, 2016 Page 9
Erasure or blocking of personal data
(right to be forgotten)
Under GDPR Article 17, controllers must erase personal data “without undue delay” if the data is no
longer needed, the data subject objects to the processing, or the processing was unlawful.
Do you know how to erase
or block personal data in
SAP in a consistent way?
11. May 10, 2016 Page 10
The transfer of personal data out of the EU
The GDPR makes clear that it is not lawful to transfer personal data out of the EU in response to a
legal requirement from a third country. It also imposes hefty monetary fines for transfers in violation
of the Regulation.
Do you know how to
restrict the (unlawful)
transfer of personal data
stored in SAP systems?
12. May 10, 2016 Page 11
Protect personal data in non productive systems
The GDPR encourages data pseudonymization - defined as “the processing of personal data in
such a way that the data can no longer be attributed to a specific data subject without the use of
additional information”. Data encryption, pseudo- and anonymization, etc. are means of protecting
the rights of individuals while also allowing controllers to benefit from the data’s utility – in the SAP
context e.g. the use of SAP data in test and quality assurance systems.
Do you know how to (pseudo)
anonymize or encrypt personal data
in non productive SAP systems?
13. May 10, 2016 Page 12
Data breach notifications within 72 hours
Under the GDPR, a “personal data breach” is “a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data
transmitted, stored or otherwise processed.”
In the event of a personal data breach, data controllers must notify the supervisory authority
“without undue delay and, where feasible, not later than 72 hours after having become aware of it.”
Do you know how to
prevent and/or detect a
data breach in SAP or
control the download of
privacy relevant data
from SAP systems?
14. May 10, 2016 Page 13
Information security = information privacy?
The term information privacy refers to the handling, controlling, sharing and disposal of personal
information while the term information security includes a very wide range of activities both
physical and administrative that protect not only personal information, but any type of information or
information asset that supports a business.
The difference between information privacy and information security supports the statement,
“You can have security without privacy…but you cannot have privacy without security.”
For example, a computer with solid access controls may be secure; however, if the access
controls were not assigned correctly, privacy may become an issue.
In these slides we focus mainly on the protection of privacy relevant SAP information.
16. May 10, 2016 Page 15
Mitigating the violation of data privacy laws in SAP
Organizations handling privacy relevant data in the context of SAP systems might need some
practical guidance on how to mitigate the risk of violating data privacy regulations.
In this section we show some of the practical examples on how to mitigate the risk of violating data
privacy regulations in SAP environments.
17. May 10, 2016 Page 16
Some examples of data privacy measures in SAP
Data privacy topic | Applicable to SAP system, functionality or data | Supporting SAP functionality | Supporting 3rd party functionality
Data privacy impact assessment on SAP data | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | AIS (Audit system), special reports, GRC, etc. | -
Activate explicit consent for processing of personal data | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | Standard SAP | -
Restrict / limit access to privacy relevant data | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | Standard SAP | -
Blocking of privacy relevant data (if can’t be deleted) | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | Standard SAP | -
Destruction of privacy relevant SAP data | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | SAP ILM RM (part of standard SAP) | -
Data encryption, masking, anonymizations, etc. | Privacy relevant data in all NON productive SAP systems | SAP TDMS 4.0 | EPI-USE, Dolphin, etc.
Data protection & prevention of data leakage (outside SAP) | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | SAP Authorizations, AIS (Audit system). | External DLP solution providers like Secude, etc.
Monitor unlawful access to privacy relevant or sensitive data in SAP | SAP ECC (HCM,SD,FI, etc.), BW, CRM, SRM, IS-*, etc. | Read Access Logging (RAL), SAP Enterprise Threat detection, etc. | Different external solution providers
[Figure: overview of the measures: Audit SAP data privacy | Enforce explicit consent | Restrict data access | Blocking of SAP data | Destroy SAP data | Encrypt, Mask, etc. | Prevent SAP data leakage | Monitor unlawful data access]
18. May 10, 2016 Page 17
Conducting data privacy impact assessments in SAP
Context: organizations handling privacy relevant (personal) data are obliged to execute DPIAs
(Data Privacy Impact Assessments) under the EU GDPR. Organizations need to evaluate the
personal data they have; categorizing the data so they are clear where the personal and sensitive
data resides and where other less important data sits in the company.
What are some of the instruments that can support you in conducting a DPIA on SAP data?
19. May 10, 2016 Page 18
Some Data Privacy Impact Assessment questions
In a DPIA different types of questions might be raised such as:
• What data is collected and from which source(s) and why?
• Where and how is the recorded data stored (in SAP)?
• Who (roles/individuals) has access (consulting, updating, etc.) to the data?
• What is the data used for, and how does it pass both between systems and to data consumers?
• How long should data be retained?
• Who is responsible for the data at both an operational and a strategic level?
It is not always easy to answer some of these questions when you are using a system with an
impressive data model and broad functionality like SAP. Where is privacy relevant data actually
stored in SAP?
20. May 10, 2016 Page 19
DPIA’s in SAP – Identify privacy relevant data (I)
There are reports available in SAP to identify where in the data model of SAP privacy relevant
information could be stored (including your custom developments).
Categorizing the data so that it becomes clear where the personal and sensitive data resides in
SAP is an important step in your Data Privacy Impact Assessment.
21. May 10, 2016 Page 20
DPIA’s in SAP – Identify privacy relevant data (II)
Another useful step is to identify if you actually store privacy relevant data in SAP – and this should
be assessed at least once a year. Audit Information System reports can support you in this task.
22. May 10, 2016 Page 21
DPIA’s in SAP – Identify privacy relevant data (III)
Once it is clear where privacy relevant data is stored in SAP, you want to know who has access to it
and the type of actions that can be executed by the users/roles (this can be done using e.g. GRC
and other tools). It is also relevant to check who can access privacy relevant data directly at
database level using a table browser like e.g. SE16 – often used as a backdoor to access data.
23. May 10, 2016 Page 22
Supporting data privacy assessments in SAP
Once organisations understand just what personal data they have,
they should then ensure that regular risk assessments are completed
to understand the degree of threat imposed on the company when
processing privacy relevant data in SAP.
There are many tools and reports available in SAP that
can support you in conducting your Data Privacy Impact
Assessment in SAP in a structured way; we have only scratched
the surface of the possibilities.
Knowing (and measuring) your risks is key for a solid data
privacy program.
24. May 10, 2016 Page 23
Explicit consent for processing of personal data
Context: the GDPR requires explicit consent for the processing of personal data.
There are different options available in SAP to enforce the explicit consent for the processing
of privacy relevant data.
25. May 10, 2016 Page 24
Data privacy – requesting explicit consent in SAP
Individuals have rights when it comes to the
collection & processing of personal information.
Consent and choice are two of those rights.
As a result, organizations should describe the
choices available to individuals and should get
implicit or explicit consent with respect to the
collection, use, retention and disclosure of
personal information.
There are different options in SAP to request
explicit consent for the storage and processing
of personal data in for example HCM (employee
data and in e-recruiting), ECC, SRM, CRM, IS*,
etc.
Processing personal data in SAP without explicit
consent is unlawful and should be avoided.
26. May 10, 2016 Page 25
Blocking of personal data in SAP
Context: the GDPR gives data subjects the right to have their personal data erased.
However, personal data sometimes cannot be erased due to data consistency rules or
other (overruling) legislation. In some cases privacy relevant (master)data
must be blocked for further access and/or processing in SAP.
27. May 10, 2016 Page 26
Blocking privacy relevant data
SAP delivers business functions for the blocking of personal (business partner) data that can’t be
deleted instantly for different reasons (SAP data consistency or data must be preserved longer due
to overruling legal or fiscal legislation, etc.).
28. May 10, 2016 Page 27
Right to be forgotten and erasure of personal SAP data
Context: the GDPR gives data subjects the right to have their personal data erased, provided that
certain conditions are met. SAP offers > 100 so called data destruction objects for the rule based
and compliant erasure of privacy relevant SAP data (for e.g. ECC6, CRM, SRM, IS*, etc.).
This is delivered by the SAP functionality called SAP ILM (Information Lifecycle Management).
29. May 10, 2016 Page 28
Placing information under corporate control
Definition of a ‘RECORD’
SOX
GAAP
EU GDPR
BASEL II/III
HIPAA
Etc.
Corporate information that is subjected to legislation must be managed as a “record” using records
management principles in order to manage, preserve and destroy the information according to rules
30. May 10, 2016 Page 29
Introduction of SAP ILM
The lifecycle of information (put under corporate control) can be managed with SAP Information
Lifecycle management (ILM). SAP ILM is currently the only SAP tool to manage the lifecycle of
SAP data and documents in a controlled way using records management & retention policies.
31. May 10, 2016 Page 30
Data destruction objects
For the controlled destruction of privacy relevant SAP data and documents, SAP ILM offers
so-called data destruction objects. In the SAP HCM module alone we find more than 100 data destruction
objects, and the SAP HCM data destruction objects can (in most of the cases) be used without
additional SAP license implications.
32. May 10, 2016 Page 31
Retention policy: manage the lifecycle of your data
Privacy relevant data should be managed in alignment with other legislation based on retention
rules. Other (overruling) legislation – e.g. tax regulation – might require the preservation of privacy
relevant data, blocking e.g. the destruction of financial data containing privacy relevant data.
With SAP ILM we can harmonize this and apply specific policies for specific types of SAP data.
33. May 10, 2016 Page 32
Data destruction in SAP
Based on the defined retention rules in SAP ILM it is possible to comply with the GDPR rule to
destroy privacy relevant SAP data in a controlled way.
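The block-or-destroy decision described on the retention slides above, as an added Python example (not SAP ILM code and not from the presentation). Rule names, retention periods, record ids and the evaluation date are constructed, and the REVIEW state for records without a usable rule is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Constructed retention periods in years after end of purpose (assumptions;
# real periods come from legal counsel, not from this example).
RETENTION_YEARS = {"applicant": 1, "hr_master": 2, "tax": 7}


@dataclass(frozen=True)
class Record:
    record_id: str
    end_of_purpose: Optional[date]   # None: business purpose still ongoing
    rules: Tuple[str, ...]           # every retention rule that applies


def add_years(d, years):
    """Same calendar day `years` later; 29 February falls back to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:               # target year is not a leap year
        return d.replace(year=d.year + years, day=28)


def retain_until(record):
    """Latest date on which any applicable rule still requires the data."""
    if record.end_of_purpose is None:
        raise ValueError(f"{record.record_id}: purpose has not ended")
    if not record.rules:
        raise ValueError(f"{record.record_id}: no retention rule assigned")
    unknown = [r for r in record.rules if r not in RETENTION_YEARS]
    if unknown:
        raise ValueError(f"{record.record_id}: unknown rule(s) {unknown}")
    # The longest period wins: an overruling rule (here "tax") keeps the
    # record alive even when the privacy-driven period has already expired.
    return max(add_years(record.end_of_purpose, RETENTION_YEARS[r])
               for r in record.rules)


def lifecycle_state(record, today):
    """ACTIVE while in use, BLOCKED while retention still runs, else DESTROY."""
    if record.end_of_purpose is None or today <= record.end_of_purpose:
        return "ACTIVE"
    return "BLOCKED" if today <= retain_until(record) else "DESTROY"


def plan(records, today):
    """Map record id to state. Broken rule data is held for review, never destroyed."""
    result = {}
    for rec in records:
        try:
            result[rec.record_id] = lifecycle_state(rec, today)
        except ValueError:
            result[rec.record_id] = "REVIEW"
    return result


TODAY = date(2016, 5, 10)            # constructed evaluation date
RECORDS = [                          # constructed sample records
    Record("EMP-001", date(2013, 12, 31), ("hr_master",)),
    Record("EMP-002", date(2013, 12, 31), ("hr_master", "tax")),
    Record("EMP-003", None, ("hr_master",)),
    Record("APP-004", date(2016, 2, 29), ("applicant",)),
    Record("EMP-005", date(2010, 1, 31), ("pension",)),
]

if __name__ == "__main__":
    for record_id, state in plan(RECORDS, TODAY).items():
        print(record_id, state)
```

EMP-001 and EMP-002 ended on the same day, yet only EMP-001 may be destroyed: the tax rule on EMP-002 keeps it blocked.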
34. May 10, 2016 Page 33
Data protection in non productive SAP systems
Context: the GDPR prohibits unauthorized access to personal data and encourages the (pseudo)
anonymization of data when possible.
How do you give developers, testers and contract workers access to a non-production system
without endangering your data privacy and data security regulations?
Encrypting or (pseudo) anonymization might be the answer.
35. May 10, 2016 Page 34
Data protection in context and some terminology
Even if great care is taken to set up authorizations, design roles and isolate duties in the production
environment, these authorizations do not work in non-production systems.
How do you give developers, testers and contract workers access to a non-production system without
endangering data privacy and data security? Data encryption or (pseudo)anonymization might be the answer.
Terminology explained
We speak of anonymity if the identity of a person is not known or if a person does not wish to make his
identity known. Pseudonymization and anonymization are both techniques by means of which the identity
of a person can no longer be traced.
Pseudonymization is a procedure by means of which identifying data with a particular algorithm are
replaced by encrypted data (the pseudonym).
The algorithm can always calculate the same pseudonym for a person, by means of which information
about the person, also from various sources, can be combined.
Pseudonymization distinguishes itself in this way from anonymization,
because linking information to a person, from various sources,
is not possible with anonymization. (source wikipedia.org)
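The difference between the two terms in code, as an added example that is not part of the presentation or of any SAP tool. HMAC-SHA256 under a secret key stands in for the "particular algorithm" (a choice made here), and the two extracts, the field names and the key are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed extracts from two hypothetical source systems.
HR_ROWS = [
    {"name": "Anna Jansen", "birth_date": "1980-03-14", "department": "Finance"},
    {"name": "Pieter de Vries", "birth_date": "1975-11-02", "department": "Sales"},
]
CRM_ROWS = [
    {"name": "anna jansen ", "birth_date": "1980-03-14", "open_tickets": 3},
    {"name": "Karin Bakker", "birth_date": "1990-07-21", "open_tickets": 1},
]

IDENTIFYING_FIELDS = ("name", "birth_date")
DEMO_KEY = b"constructed-demo-key"   # placeholder; a real key lives in a key store


def normalize(row):
    """Canonical form of the identifying fields (case and spacing removed)."""
    return "|".join(" ".join(str(row[f]).lower().split())
                    for f in IDENTIFYING_FIELDS)


def pseudonymize(row, key):
    """Replace the identifying fields by a keyed, repeatable pseudonym.

    The key is the "additional information": with it the pseudonym of a known
    person can be recomputed, without it a guessed name cannot be verified.
    """
    digest = hmac.new(key, normalize(row).encode("utf-8"), hashlib.sha256)
    out = {k: v for k, v in row.items() if k not in IDENTIFYING_FIELDS}
    out["pseudonym"] = digest.hexdigest()
    return out


def anonymize(row):
    """Drop the identifying fields and attach a random, unrepeatable token."""
    out = {k: v for k, v in row.items() if k not in IDENTIFYING_FIELDS}
    out["token"] = secrets.token_hex(8)
    return out


def link(left, right, field):
    """Join two record lists on `field` and return the merged matches."""
    index = {r[field]: r for r in right}
    return [{**a, **index[a[field]]} for a in left if a[field] in index]


def compare(key=DEMO_KEY):
    """Return (matches after pseudonymization, matches after anonymization)."""
    pseudo = link([pseudonymize(r, key) for r in HR_ROWS],
                  [pseudonymize(r, key) for r in CRM_ROWS], "pseudonym")
    anon = link([anonymize(r) for r in HR_ROWS],
                [anonymize(r) for r in CRM_ROWS], "token")
    return len(pseudo), len(anon)


if __name__ == "__main__":
    print(compare())
```

The same person still links across both extracts after pseudonymization, which is why pseudonymized data remains personal data for whoever holds the key.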
36. May 10, 2016 Page 35
SAP TDMS 4.0: scramble privacy relevant data
SAP offers, with SAP TDMS 4.0, the option to scramble privacy relevant data in non productive SAP
systems. (see SAP slide of TDMS 4.0 above)
37. May 10, 2016 Page 36
3rd party solutions for SAP data encryption
Other (SAP certified 3rd party) vendors do deliver data encryption and (pseudo)anonymization tools
for SAP data as well. Note: under the GDPR, a data breach (especially data theft) of encrypted data
still must be reported to the authorities – data security remains of vital importance in all cases.
38. May 10, 2016 Page 37
Data theft & data leakage prevention of SAP data
Context: the GDPR also introduces the need for organizations to prepare a data breach notification
plan in the event that something does actually go wrong. However, it is vital to prevent data leakage!
How can you actually prevent that privacy relevant SAP data can be “leaked” and distributed
outside your organization?
39. May 10, 2016 Page 38
Is privacy relevant data leaving your SAP system?
Privacy relevant data should only be downloaded from SAP when authorized (ensure an adequately
configured authorization concept). Misuse of personal data by the download function and/or the
XXL/ALV List Viewer is prohibited under the GDPR (considered a data breach/data leakage).
Even with appropriate SAP authorizations it is often difficult to control what happens with the data
outside the controlled SAP environment – however there are tools to overcome that hurdle.
40. May 10, 2016 Page 39
Data leakage prevention in SAP
Not many companies are aware of what sensitive/privacy relevant data is leaving their systems.
Often, that sensitive information is sent to unsecure locations such as unprotected mobile devices,
and public cloud environments. There are 3rd party tools that can block the download of sensitive
data from SAP – not only useful for compliance with regulations, but also to protect your IP, etc.
41. May 10, 2016 Page 40
Controlled access to downloaded SAP data (1)
With 3rd party software you can combine SAP authorizations (controlling access to privacy relevant
data in SAP) with MS Digital Right Management (controlling access to privacy relevant data outside
the SAP environment). With this concept you can protect SAP data even when it is leaving SAP.
42. May 10, 2016 Page 41
Controlled access to downloaded SAP data (2)
Using these kinds of SAP certified 3rd party tools, you can get a grip on the sensitive / privacy
relevant data that is leaving your SAP systems in a controlled and auditable way.
43. May 10, 2016 Page 42
Monitor the access to privacy relevant SAP data
Context: under the GDPR, a data breach covers different unauthorized activities.
Unauthorized access to & processing of privacy relevant data (not only by hackers but also by the
employees of the organization) is considered a data breach that must be reported within 72 hours.
How can you actually detect that privacy relevant SAP data has been accessed without authorization?
SAP delivers different instruments to monitor the unlawful access of privacy relevant SAP data.
44. May 10, 2016 Page 43
Monitoring data breaches in SAP
If data is leaked, companies must inform the Data Protection Authority (DPA) within two working
days of them being aware of the breach. All data breaches must be sufficiently documented.
So organizations must indicate exactly where in the systems breaches have taken place and
what consequences they have. They must also inform the owners of the leaked data.
SAP offers a standard tool (as part of NetWeaver) to monitor the unauthorized access to
(privacy relevant) data – even if this is “just looking” at privacy relevant data. The name of the
tool is RAL (Read Access Logging) and it can monitor the access to data from many different
channels.
45. May 10, 2016 Page 44
RAL (Read Access Logging) - 1
With RAL you can define and categorize the logging purpose, domains and object yourself.
46. May 10, 2016 Page 45
RAL (Read Access Logging) - 2
Access to privacy relevant SAP data via different channels (GUI, internet, RFC) can be logged in a
flexible way so that you can determine what needs to be logged in detail. RAL can help you
significantly in detecting and logging data breaches in SAP.
47. May 10, 2016 Page 46
Closure
In this presentation we presented some of the available options in SAP to mitigate data privacy risks.
Looking for expertise to enforce data privacy in your SAP systems? Don’t hesitate to consult us!
48. May 10, 2016 Page 47
Nico J. W. Kuijper, D&IM Services
SAP Archiving, Information Lifecycle Management, ECM & (SAP) Data Privacy Consultancy
Email: nico.kuijper@d-im-services.com - Phone: 0031(0)20 615 82 89
DISCLAIMER. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the
implied warranties of merchantability, fitness for a particular purpose, or non-infringement. D&IM Services assumes no
responsibility for errors or omissions in this document, except if such damages were caused intentionally or grossly negligent.