GDPR and data analytics – A fundamental part of business strategy
The new General Data Protection Regulation (GDPR) is a hot topic right now and calls for action by companies of every size.
Our data analytics and audit management solutions offer you every opportunity to comply with the relevant requirements. In this article, I shall briefly examine our software’s compliant interfaces to the GDPR.
These cover three main areas: the protection of personal data when performing exports, the ability to perform pseudonymised processing in the data analytics tool, and the ability to administer associated controls and guidelines.
1. Protection of data during access and when exporting from SAP®
We started offering the add-on privacy protection module for our dab:Exporter extraction tool for SAP® data back in 2010. It allows you to automatically pseudonymise/anonymise personal data, or to completely exclude them from export processes. This means that personal data may not, as the case may be, even appear in the plain text of the analytics environment.
Fig. 1 – Data privacy settings in dab:Exporter
2. Pseudonymised processing in the data analytics tool
Sometimes, especially if data are extracted from other systems or supplied by specialist departments, there are also options to hash these data in the analytics tools ACL™ Analytics or ACL™ Analytics Exchange. These features are included in the tools free of charge.
Fig. 2 – Hashing of user names in the ACL™ Analytics software
3. GDPR compliance framework for audit & risk management
The solutions portfolio is completed by frameworks for IT and compliance standards in ACL™ GRC – including the aforementioned new European General Data Protection Regulation, which is available as premium content for ACL™ GRC.
You can map the requirements of the GDPR in relation to your measures and controls within the company, perform associated automated self-assessments and receive pre-defined reports on the level of cover and any weaknesses.
Fig. 3 – GDPR content for ACL™ GRC audit, risk and compliance management
Conclusion
As shown above, our solutions will equip you for the requirements of the European General Data Protection Regulation (GDPR). However, the article also emphasises the importance which we, as your business partner, attach to data privacy in general and, more particularly, to the proper handling of sensitive, personal data. We already started to incorporate these aspects into our software in 2010 within the context of the amendments to section 32 of the Federal Data Protection Act (BDSG). This shows how seriously we take this subject.
We are convinced that there can be no “either/or” option when it comes to data analytics and data protection – it is essential to consider the issues as an integrated whole if we are to make data analytics a fundamental part of business strategy.