Metadata discovery software vendor Silwood Technology Ltd has produced two guides revealing how to find personal data using its GDPR Starter Packs for SAP and JD Edwards.
The GDPR Starter Packs are available for major application packages – SAP, Oracle E-Business Suite, Microsoft Dynamics AX 2012, JD Edwards and Siebel – enabling users to quickly and simply identify the precise location of Personal Data.
They are underpinned by Safyr®, a dedicated metadata discovery software, which enables users to access, understand, share and utilise the underlying data structures for all major application packages.
Research conducted recently by Silwood Technology Ltd demonstrated the scale of the challenge encountered by users of large ERP and CRM packages when locating personal data for GDPR compliance.
The research revealed that in SAP alone there are over 900,000 fields that may (or may not) contain personal information that require data discovery and risk assessment. The size and complexity of the large ERP and CRM databases mean that businesses that are not well-advanced in data discovery or are undertaking manual discovery processes are probably not fully ready on time for GDPR. For instance, within a typical Siebel system, when searching for personal data, users will be faced with approximately 5,000 tables and 170,000 fields. Similarly, JD Edwards contains 5,000 tables and 140,000 fields.
Nick Porter, founder and technical director at Silwood Technology explained:
“While it is vital to perform this ‘discovery’ work for any GDPR project, without a clear understanding of where personal data is located in each of the systems in an enterprise, it will not be a straightforward task to carry out any of the steps to reach GDPR compliance.”
He also confirmed that interest in the Starter Packs is still strong, the day before the compliance deadline, and the reasons are twofold: “Firstly, it is highly unlikely that all organisations will have documented Personal Data in leading packages by the 25 May 2018. Therefore, those that are not fully compliant will need to undertake this work later as part of their data protection programme. As a result, there is an urgency now to find tools to find data quickly and accurately.”
Finding personal data in an ERP system for GDPR compliance
The ‘Data’ in the GDPR is what the guidance calls Personal Data. For example, if a living individual can be identified from any data being processed, it is covered by GDPR. This might be a single piece of information, like a Social Security Number, or several pieces of data that can be combined to identify someone (e.g. Name and Date of Birth).
Exactly what constitutes Personal Data will vary from customer to customer, depending on the industry type. For example, in the healthcare sector, Patient Number would be a means to identify a person, but this would be irrelevant in, say, manufacturing.
Working out which tables store personal data that needs to be reviewed for the GDPR is a challenge in any environment, but particularly so where the system is one or more of the large Application Packages, from the likes of Oracle, SAP, Salesforce and Microsoft.
The two guides describe how to use Safyr® to ‘scope’ the potential tables that store ‘relevant’ personal data in a JD Edwards EnterpriseOne (sometimes also known as OneWorld) and SAP systems. In this case, the Silwood research team was looking for tables which store ‘Birth’ information – Date of Birth, Year of Birth, etc. – all pieces of data that can help to uniquely identify an individual. However, the process would work for any data which comes under the general definition of Personal Data. (Article 4 – Definitions, Section 1 of the Regulations defines the scope of data covered).
Many JD Edwards and SAP systems have been customised so rather than providing a reference model, Safyr is more effective and useful because it extracts metadata from the application as implemented – including customisations.
Indeed, one of the major benefits of Silwood Technology’s Starter Packs is that they will work with the customer’s own system. Users can easily overlay the Safyr Subject Areas on the metadata extracted from customised application packages.
Please contact info@silwoodtechnology.com for full information on the GDPR Starter Packs.
Silwood Technology Ltd is the leading supplier of enterprise Application Metadata Discovery software. The company has pioneered the use of metadata extraction and analysis for the purpose of building accurate data models of Enterprise Applications including SAP, SAP BW, SAP S/4HANA, Salesforce, Siebel, PeopleSoft, JD Edwards EnterpriseOne, Oracle E-Business Suite and Microsoft Dynamics AX 2012.