GDPR and SAP Information Steward
With the advent of GDPR in Europe / UK from 25th May 2018 have been receiving many questions as to how we can achieve compliance. In fact from my perspective there is no simple straight forward answer to this. It has to be an organizational push + a set of application which will help us to achieve the same. We still have to wait and watch as to how many articles which are yet to be defined properly.
Still one of the very essential and well defined article within GDPR is the personal data should be properly tagged and an enterprise should be aware as to where all it is storing user personal information.
This brings us to the importance of storing business metadata as part of our study / analysis phase to determine where are data needs to be anonymized and pseudonymized. Among the limited number of tools available in the market to document metadata across the enterprise application landscape, SAP Information Steward (IS) stands out in its capability, flexibility and possibility to connect to multiple SAP / Non SAP systems.
In this blog we will see how SAP IS could be connected to a SAP Data Services repository and a SAP Business Warehouse system, technical metadata from these 2 systems can be exported from the repository in SAP IS, GDPR relevant tagging can be done and conversion of this technical metadata from multiple source systems can be categorized in a single business metadata.
- Connecting SAP Data Services to Information Steward. From SAP Central Management Console > Information Steward > Metadata Management > Integrator Sources > Manage > New > Integrator Source. Here you will see a list of all source systems that could be connected to SAP IS to extract Metadata.
Here one can see a master list of all source systems that can be connected with SAP IS. - Once the above connection is established one can see the SAP DS repo as below
- To import technical metadata structures we can right click on the connection name, select schedule if we want to extract the metadata regularly or click on run now in case only one time import is required.
- Once the import metadata job is completed login to Information Steward and click on Metadata Management tab. The connection which we created in the SAP CMC console will start appearing here. All the above steps needs to be repeated for all the source systems (BW in this case)
- SAP IS does not have a out of the box capability to tag GDPR relevant attributes, and the same has to be custom built in the system. This could be built using the custom attribute functionality given under Manage drop down
- I have created a GDPR attribute which will signify if the object in question is GDPR relevant of not. Similarly one can create N number of custom attributes like GDPR Dependency details, Data Owner etc but here I have just taken one attribute to keep it simple. Once we have created the custom attribute we can assign access levels also so that for e.g this attribute will only be visible to BW source systems or data services source systems or all systems etc.
- Once the custom attributes are defined they will start appearing in the object description view and could be marked during the system analysis / study phase. In the below depiction we can see that the GDPR attribute has been marked at 2 levels. The below is showing that the table that is present in this imported repository is GDPR relevant as well as the attributes within this table are also GDPR relevant. This tagging needs to be done across all objects of a source system and also across multiple systems
- Once the above technical metadata is consolidated we will now move to creating business metadata. In this case we will see how all the GDPR relevant objects across multiple source systems can be consolidated under single business relevant common headings. For that Go to Metapedia > Click on New Category and create a GDPR category. This master category can further be categorized into sub categories like Bank Details, Employee Details etc.
- Go to All Terms create a new term let us say Bank Account Number fill in the details as exhaustive as you like, assign it to a category (save it before assigning it to be category) and submit for admin approval.
- Once the admin approves it will start appearing under the sub category which we created earlier. After approval one can search and assign GDPR relevant attributes across multiple source systems.
- A normal business user with read only access will be seeing the below view wherein enterprise data steward team has tagged, categorized and mapped enterprise wide GDPR relevant attributes under a single business term.
I hope the blog will be useful for you to simplify the GDPR relevant documentation in your enterprise. In case of any queries / suggestions please do not hesitate to reach out to me.
Keep reading and keep learning.
Best Regards.
Shazin
Hi Shazin Siddiqui,
I would like to know more about how to make it easy the end user can understand the failed data easily. if we apply a rule on multiple columns it s hard to understand which column was failed for that rule, how to make it easy one from business can understand based on the exported sheet.
2. can we add additional fields to the table or file which we imported and place the information what we need.
Looking forward for your thoughts.
Thanks in advance.
Hi Kumar.
Though this is a bit off topic and a contender of a new thread in the IS community let me try to elaborate a bit. With regards to your first question, IS highlight the failed columns in bold as per attached.
Information Steward from my perspective is more of a tool for data steward rather than for business as he should be the one who derives the data related efforts in the enterprise. If he is from business than my expectation will be he should be well versed with IS.
Secondly, not a good idea to add additional attributes at the source just for this purpose. No need to make source system dirty as in future because of this support and maintenance will be difficult.
Just to convey that the above is from my view point and this being such a topic perspectives can differ.
Hope this helps.
Regards. S
Thanks for your quick response.
yes you are right it will be highlighted with in the information steward tool.
if you export the same bit to an excel it wont be highlighted.
it will give you a rule name against it. if you apply a single rule for more than one column and if that row fails on multiple columns then it is hard to understand.
second one I agree .is there any better suggestions on that please.
Thanks for your blog is usefull.
On IS v 4.2 sp 5, I have question about import metapedia term. I created new term in metapedia and associate object with crystal report is Business Intelligence(EDW-BO) \ CMS Systems(edw_dc_bi01:6400) \ Folders(TRỤ SỞ CHÍNH (Lĩnh vực nghiệp vụ)) \ Folders(01. Khách hàng) \ Folders(011. Khách hàng hiện có, mới, mất đi) \ Reports(11-01: Tổng hợp KH tiền gửi hiện có, mới, mất đi theo CN). After that, I export this term to add new term by importing the other term. The result I meet error: One or more associated paths of term “Số lượng KH hiện có kỳ trước” is invalid. Replace the contents of column Target Name Path in the Excel file with the correct name path of each associated object in the target system. For the format of the Name Path, refer to User Guide. (UIM-10217).
I have finded the cause: comma in folder name and report name. But I wonder that why it don’t understand the name path folder contain commas. And which non-charactor not apply in folder name path. Other, which best solution for this issue? You can see the detail files upon the link for more information.
I hope you have answer for me.
Thanks;
Lanht
Thank you for this blog. This is very useful. Does anyone know how sap information steward custom attributes available object types are defined and created? Any assistance would be greatly appreciated.
Thanks,
Shauna