workshop dataprivacy in sap
play

Workshop dataprivacy in SAP Ing. Nico J.W. Kuijper MSc. CIPP/EU SAP - PowerPoint PPT Presentation

Sep 13, 2023 •142 likes •802 views

Workshop dataprivacy in SAP Ing. Nico J.W. Kuijper MSc. CIPP/EU SAP information & data governance/management consultant, (SAP) Data Privacy Consultant Certified by the International Association of Privacy Professionals

  1. Workshop dataprivacy in SAP Ing. Nico J.W. Kuijper MSc. CIPP/EU SAP information & data governance/management consultant, (SAP) Data Privacy Consultant Certified by the International Association of Privacy Professionals nico.kuijper@d-im-services.com +31 20 615 82 89 Disclaimer: the author of this presentation does not provide any legal advice regarding data privacy with this presentation. In this presentation personal opinions, practical experiences on the fulfillment of data protection requirements and possible instruments are discussed. This presentation contains some pictures/slides from public available sources and SAP presentations. March 29, 2018

  2. Disclaimer: The information contained in this presentation is for general guidance only and provided on the understanding that the author is not herein engaged in rendering legal advice. As such, it should not be used as a substitute for legal consultation. The author accepts no liability for any actions taken as response hereto. It is the responsibility your organization to adopt measures that deems appropriate to achieve GDPR compliance. vcv March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 1

  3. Questions to the audiance Is your organization currently ready for / compliant with the GDPR? Yes?  No?   Not sure? How are other companies doing? https://www.gartner.com/newsroom/id/3701117 Who should be responsible for data privacy in your view? Business?  IT?   Both? On what level should data privacy be addressed in the organization?  Strategic level?  Tactical level?  Operational level?  All these levels above? March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 2

  4. Analogy: processing financial transactions Key elements: Fiscal law, etc. Tax officer • Legislation • Legal/fiscal authority • C-Level executive • Internal control function • Governance & policies • Management layer C-level • Record/bookkeeping executives • Operations/execution layer (CFO) • Money flow in/out • External stakeholders Policy Financial Head of Finance Controller Bookkeeping system Processing financial transactions € out € in External stakeholder(s) stakeholder(s) Clerk March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 3

  5. Analogy: processing privacy relevant data DPA GDPR Key elements: (Data Privacy Legislation • Legislation Authority) • Legal authority • C-Level executive • Internal control function • Governance & policies • Management layer C-level • Record/bookkeeping system executives • Operations/execution layer & tools (CIO/CDO) • Dataflow in/out • External stakeholders Policy (e.g. data subjects, external controllers & processors) DPO Data controller (Data privacy Officer) Privacy “bookkeeping” Processing privacy relevant data Data out Data in Stakeholder(s) External like data stakeholder(s) subjects Data processor Article on data privacy bookkeeping: https://executive-people.nl/587119/privacy-boekhouding.html March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 4

  6. The roadmap to GDPR compliance Key questions Idenfity the context of privacy relevant data Where (systems) is privacy relevant data used/stored? How & where is it processed (business process)? For what (lawful) purpose? What are the relevant (legal/fiscal) retention rules? Document outcome in your data register & records and retention scheme Assess & prioritize privacy risks What are the identified privacy risks (PIA)? Gap analysis regarding organizational & technical measures Evaluate risks, measures & prioritize. Develop and execute a privacy program How to mitigate the identified privacy risks? What are our data privacy policies and procedures? How do we govern/evaluate (ongoing) data privacy? Technical measures : What are the appropriate privacy enhancing tools? Implement technical measures based on defined policies Etc. March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 5

  7. Presentation focus area: PET in the context of SAP The presentation has a main focus on privacy enhancing technology available in SAP and will touch also some of the data privacy relevant processes this technology can be used for. We will not focus on governance, relevant data privacy processes, roles and responsibilities, etc. March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 6

  8. Part 1 – GDPR key aspects put into context March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 7

  9. GDPR Article 24(1): the GDPR Key aspects The GDPR contains 99 articles. You can read the full legislative text of the EU GDPR here: https://gdpr-info.eu/ and here in different languages: Directive 95/46/EC (General Data Protection Regulation) http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679 March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 8

  10. The nature, scope, context, purpose, risk of processing personal data & appropriate measures Determine risks of Determine risks of Identify the Identify the Identify Identify Identify the Identify the Identify the context: Identify the context: processing the data processing the data context: determine context: determine where where purpose for purpose for determine the determine the and implement and implement the lawful basis the lawful basis privacy privacy processing processing retention and retention and appropriate appropriate for processing for processing relevant relevant personal data personal data deletion periods deletion periods (technical) (technical) data lives data lives (identify (identify (displayed: a few (displayed: a few and triggers and triggers measures measures in your in your relevant relevant examples of a examples of a (some examples) (some examples) SAP SAP business business lawful basis) lawful basis) system system processes ) processes ) SAP ILM RM SAP ILM RM Delete after Delete after Consent Consent Consent Consent withdrawn withdrawn management management consent consent Personal Personal SAP ILM RM SAP ILM RM data data (in SAP) (in SAP) Authorization Authorization Purpose(s) of Purpose(s) of Legal Legal concept concept processing processing obligation obligation Retain Retain personal data personal data based on based on Data masking Data masking legal legal retention retention contract contract times per times per country country Anonymization Anonymization NL x years NL x years DE y years DE y years Data breach Data breach prevention & prevention & detection detection Etc. Etc. March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 9

  11. What is considered privacy relevant data? Identify 10 where privacy relevant data lives in your SAP “ 'personal data' means any information relating to an system identified or identifiable natural person 'data subject'; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person ” Art. 4 Sec. 1 GDPR What does this mean for SAP Business Suite and SAP S/4HANA?  Data in SAP Business Suite and SAP S/4HANA is or might become personal data. A Sales Order is linked to the Business Partner (ID). The sales order itself could contain additional personal data – or can reveal personal Personal data (purchases person X). data (in SAP)  Combinations of attributes might become personal data – as soon as it is possible to identify the person behind. Example: information combined from ECC, CRM, BW, etc. “Personal data” is defined as “any information relating to an identified or identifiable natural person” March 29, 2018 D&IM Services – SAP Information & Data governance | Data Privacy | Archiving | ILM | DVM | System Decomisioning | HANA Data Temperature Management Page 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your

Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your

EU General Data Protection Regulation (GDPR) Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your clients can feel safe and protected since you care about them The General Data Protection Regulation

436 views • 8 slides
GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci manuelasalvucci@rcsi.ie 2019-11-06 1 . 2 OUTLINE OUTLINE What is version control? Why bother with formal version control? How to install and get started

1.7k views • 136 slides
23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop place 1. workshop major targets 2. schedule, lunch boxes, banquet 3. your badge 4. weather forecast 5. workshop photo 6. scenery after workshop

256 views • 11 slides
x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip to c:\workshop Install: 010EditorWin32Installer402.exe nasm-2.10.05-installer.exe SysinternalsSuite.zip tdm64-gcc-4.7.1-2.exe

724 views • 40 slides
Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

White Hat Shellcode Workshop Didier Stevens Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop . First example: loading/unloading a DLL Start calc.exe Start procexp.exe (Process Explorer) and

471 views • 23 slides
Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for conveyancers and property lawyers who handle strata titles and want to build their confidence and understanding in form completion of the: Application

536 views • 21 slides
WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48 registered participants WDO WORKSHOP Opening remarks Reflections on ACERs First Monitoring Report and the Balancing Network Code Gas Department

1.51k views • 111 slides
WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48 registered participants WDO WORKSHOP Opening remarks Reflections on ACERs First Monitoring Report and the Balancing Network Code Gas Department

1.43k views • 120 slides
Design Thinking Workshop Welcome to the workshop. Hand in your

Design Thinking Workshop Welcome to the workshop. Hand in your

Design Thinking Workshop Welcome to the workshop. Hand in your worksheets. Well come back in 5 minutes! Excited by the workshop? Stick around and help us test our ideas!

513 views • 34 slides
Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is

Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is

Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is the first of a workshop series in preparation for the 2014 Resilience Conference to be held in Montpellier, France 1 . The objective of the workshop

388 views • 3 slides
Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me

Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me

Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me Introductions Overview of the Workshop & Participant Expectations - 15 minutes The Role of Treasurer, Must Do, Should Do, Could Do -

534 views • 36 slides
ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum

ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum

ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum Strands GOALS for the day: Refresh the leadership focus needed for the implementation of the Academy work in Year 2 Continue to examine the

307 views • 30 slides
RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop

RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop

RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop Objective of the Workshop Proposed decision on TLAFs published on 18 th June; June; Workshop is an opportunity for industry to put forward their

197 views • 19 slides
Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

The Bro Network Security Monitor Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Bro Workshop 2011 Version 2.0 Final 3 Bro

620 views • 57 slides
sparqs National Conference 2015: Workshop and Presentation Outlines Workshop Session 1: 10.30

sparqs National Conference 2015: Workshop and Presentation Outlines Workshop Session 1: 10.30

sparqs National Conference 2015: Workshop and Presentation Outlines Workshop Session 1: 10.30 11.30 Please choose one workshop from the list below. Workshop 1.1: Student Partnership in First Year curriculum design positives and pitfalls

686 views • 10 slides
ICT Workshop ICT Workshop ICT Workshop ICT Workshop Aims For The Afternoon: Aims

ICT Workshop ICT Workshop ICT Workshop ICT Workshop Aims For The Afternoon: Aims

ICT Workshop ICT Workshop ICT Workshop ICT Workshop Aims For The Afternoon: Aims For The Afternoon: Aims For The Afternoon: Aims For The Afternoon: Create an awareness of the importance of ICT in your childs education

1.58k views • 13 slides
T14 November 18, 2004 1:30 PM A UTOMATED D ATABASE T ESTING WITH NU NIT Alan Corwin Process

T14 November 18, 2004 1:30 PM A UTOMATED D ATABASE T ESTING WITH NU NIT Alan Corwin Process

BIO PRESENTATION T14 November 18, 2004 1:30 PM A UTOMATED D ATABASE T ESTING WITH NU NIT Alan Corwin Process Builder, Inc. International Conference On Software Testing Analysis & Review November 15-19, 2004 Anaheim, CA USA Alan Corwin

748 views • 46 slides
TSC Presentation EHR System Function and Information Model (EHR-S FIM) Release 3.0 Preparation (

TSC Presentation EHR System Function and Information Model (EHR-S FIM) Release 3.0 Preparation (

TSC Presentation EHR System Function and Information Model (EHR-S FIM) Release 3.0 Preparation ( ISO/HL7 10781 r3:2017 EHR-S FIM) Co-Chairs: Gary Dickinson, Don Mon, Helen Stevens Love, Mark Janczewski, John Ritter, Patricia Van Dyke Facilitator:

453 views • 19 slides
Budget Status Update and Follow-up to February Workshop Presented by: Mark Mathers, Chief

Budget Status Update and Follow-up to February Workshop Presented by: Mark Mathers, Chief

Budget Status Update and Follow-up to February Workshop Presented by: Mark Mathers, Chief Financial Officer Mike Schroeder, Budget Director March 12, 2019 Attachment A Agenda 1. Review of FY20 Proposed Budget Reductions with Minimal to

774 views • 33 slides
Dec ecem ember ber 5 & 5 & 8, 8, 20 2016 16 Th The Single le Plan n for Studen

Dec ecem ember ber 5 & 5 & 8, 8, 20 2016 16 Th The Single le Plan n for Studen

Local Distri trict t Northeas heast Dec ecem ember ber 5 & 5 & 8, 8, 20 2016 16 Th The Single le Plan n for Studen ent t Ach chiev evement ement (SPSA) A) is a w writte ten n plan developed by the School Site

1.08k views • 76 slides
TITLE LAYOUT Updating Purchasing Procedures and Forms KEEPING UP WITH THE LEGISLATURE Learning

TITLE LAYOUT Updating Purchasing Procedures and Forms KEEPING UP WITH THE LEGISLATURE Learning

Subtitle TITLE LAYOUT Updating Purchasing Procedures and Forms KEEPING UP WITH THE LEGISLATURE Learning Objectives Learn new requirements related to vendors not boycotting Israel (House Bill 89) and anti-terrorism verifications (Senate

856 views • 67 slides
Simple Description of Relational Databases Simple Diagrams A schema is represented by a

Simple Description of Relational Databases Simple Diagrams A schema is represented by a

Simple Description of Relational Databases Simple Diagrams A schema is represented by a networked diagram Nodes represent tables Name of the table labels the node Interior of the node are the name of the attributes Underline

501 views • 22 slides
Before we get started A copy of todays webinar slides is currently available for download

Before we get started A copy of todays webinar slides is currently available for download

Before we get started A copy of todays webinar slides is currently available for download on the SEDS Resource Site LEA Special Education Point of Contact (LEA SE POC) resource page:

456 views • 44 slides
Registrar Outreach Contractual Compliance | ICANN 54 | 22 October 2015 Agenda Brief Update

Registrar Outreach Contractual Compliance | ICANN 54 | 22 October 2015 Agenda Brief Update

Registrar Outreach Contractual Compliance | ICANN 54 | 22 October 2015 Agenda Brief Update Since ICANN 53 RAA Lessons Learned Summary Whois ARS Compliance Update Suspension Communication Update Communicating with Contractual

961 views • 82 slides

More recommend