IT Security #2: Data Privacy and compliance
In this second article in our data security series, Dr. Boris Hoffarth discusses current trends in data privacy and a best practices approach to compliance. Read the first installment of the series here: IT security: Much More than Data Protection
Keeping up with data privacy laws
Data privacy is all about keeping your data – employee and customer information, contracts, or other sensitive material – safe from internal threats or mishandling. Can you protect your data at all times? Do you have comprehensive, compliant processes for handling information requests? Destroying data? Blocking access? Archiving, accessing, and logging data in ways that meet compliance standards?
International, national, and industry regulations for data privacy and compliance are constantly being introduced. Many countries – most notably those in the European Union – have enacted comprehensive data protection laws, while others have legislation pending or awaiting enactment. Any company doing cross-border business has to abide by the data privacy and protection frameworks of both nations, or face a fine. While the financial costs are significant, the real harm of a data privacy breach is the damage it does to a company’s reputation. The resulting headlines jeopardize trust, spook customers, and drive away business.
What do companies need to ensure data privacy?
When it comes to data privacy, companies need help in four main areas:
- Strategic planning. What needs to happen to keep sensitive data secure throughout the organization and throughout the data lifecycle? What are the priority compliance requirements?
- Employee data. What must happen to safeguard employees’ personal information?
- Data destruction.
Does this sound familiar?
Your board of directors wants a compliant organization. Your legal department must oversee compliance with current regulations. IT must enforce compliance, but views many of the compliance directives as unsolvable business requirements. The legal department continues to bear down. IT says it isn’t possible to enforce new regulations within the parameters of the current systems, but legal says it must be done. The board doesn’t know how to respond and worries about noncompliance.
How to remedy a compliance mismatch
Clearly, data privacy compliance can’t happen without a plan – or the right tools. At SAP, we simplify the roadmap to global data compliance into four manageable steps. Our compliance mitigation approach requires IT and legal departments to work closely together to:
- Collect requirements. The legal department collects applicable compliance requirements from all countries where the company does business.
- Analyze the landscape. The IT team analyzes the requirements in the context of the corporate technology landscape, including SAP and non-SAP systems and databases.
- Prioritize solutions. Together, legal and IT design a step-by-step plan to cover all data privacy, compliance, and technical requirements. The IT team recommends solutions, then assigns project priority in conjunction with the legal department.
- Set up your program. The team sets up a single roadmap that includes all requirements, broken down into individual project components. The plan is continually adjusted to meet current compliance priorities.
Advanced data privacy solutions from SAP
SAP has the tools you need to cover all your legal and data privacy compliance requirements:
- SAP Information Lifecycle Management (ILM) and extended enterprise content management (ECM) software help you delete data at the end of its useful life, address special requirements for data privacy and protection, and decommission entire systems.
- The SAP Test Data Migration Server (TDMS) scrambles data to anonymize it for test systems.
- Read access logging (RAL), once activated, and data collection for information requests cover the requirements of special branches.
- Landscape transformation and data services help you set up customized privacy projects.
Get started now
How secure is your data privacy? SAP Security Advisory Services will assess your company’s data privacy and compliance solutions in relation to your business and IT goals, then work with you to design a compliant solution with the privacy and business functionality you need. We also offer support for installation, configuration, and rollout. To learn more about how SAP data privacy consulting can help ensure your data privacy and security, visit us online.
If you want to learn more, make sure to visit us at the SAP Service & Support area at SAPPHIRE NOW 2015 in Orlando.
Thanks Ido for publishing the article.