AGLEA Blog

How to protect and manage personal data in SAP? What are the common questions?

How to deal with it when you have several systems and a lot of data? We talked about this at an event on November 15 together with EPI-USE.

When and why would you need such a system?

Data Rentention in SAP why may it be needed? Not only for data security reasons or compliance with the GDPR.

What does it mean in SAP to manage data retention?

Why is it necessary to protect data in non-production environments?

We discussed this on 14/05/2020 at our webinar together with EPI-USE.

Have you ever heard Data Subject Request (DSR)? It is a request to know where, what and how our personal data is handled.

In fact, every European citizen, through the GDPR (Art. 15), has the possibility to request a copy of his or her personal data for information purposes. Whatever service it is.

There are many companies that provide SAP consulting. Each of these, in most cases, also provides support in the SAP security area.

This is absolutely normal. But what is the degree of expertise on these issues?

How much does slavishly following company procedures lead to problems?

Are there any solutions? But what are the impacts in security management? Can we be affected by digital stupidity?

How many times have we heard in the company when creating a new user, "give me a colleague as a reference," that is, in the process of defining a new user, we reason more by copy than by corporate trade.

But is this approach correct? Or does it present some possible problems?

Profiling also exists and can be implemented in the SAP HANA database.

But not all roads lead to the same result. Some choices may not be ideal in the long run and in the management of authorizations in SAP HANA. What is important to know when defining SAP HANA roles?

This is not always done as this database is mainly used when using SAP applications. Such as S/4HANA.

For many companies using SAP (if not all of them) it is absolutely normal to 'undergo' inspections by external entities. Especially for the auditing of balance sheet data.

A common practice is to enable everything to the auditors. And from the perspective of maximum transparency it could certainly make sense. But is it possible to evaluate or reason differently? Continue reading...