Onapsis Helps SAP Customers Check GDPR Compliance
9.12.2017 securityweek Privacy
Onapsis, a company that specializes in securing SAP and Oracle business-critical applications, announced this week that it has added automated GDPR compliance capabilities to the Onapsis Security Platform.
The new functionality allows organizations using SAP products to quickly determine if they meet data protection requirements. The system is capable of identifying SAP systems that need to be compliant with the General Data Protection Regulation (GDPR), specifically systems that process or store user data. Onapsis believes a majority of SAP systems fall into this category.
Non-compliant systems are flagged by the Onapsis Security Platform and users are provided guidance on how to address the issue. Newly added systems that need to be GDPR compliant are automatically included in the next audit.
“In speaking to our customers, we know that GDPR is a complicated mandate and many organizations are struggling to determine if or how their SAP landscapes are relevant,” said Alex Horan, Director of Product Management at Onapsis. “With this in mind, Onapsis’s newly released audit policy within the Onapsis Security Platform (OSP) automatically evaluates any SAP system through the lens of the data protection requirements of GDPR. This includes both data at rest, data in transit and the assessment of data access or authorizations.”
GDPR, expected to come into effect in May 18, requires businesses to protect the personal data and privacy of EU citizens. While the regulation is designed to protect the data of EU citizens, it affects organizations worldwide. Failure to comply can result in penalties of up to €20 million or 4% of global profit.
A study conducted earlier this year by the UK & Ireland SAP User Group showed that 86% of SAP customers did not fully understand the implications of GDPR. More than half of respondents said the increasing use of cloud technology and workforce mobility increased their compliance challenges.
SAP recommends its GRC (Governance, Risk, Compliance) solutions for ensuring GDPR compliance, and nearly half of the respondents taking part in the SAP User Group study had been leveraging SAP GRC. Many of those who had not used it believed GRC was either too expensive or too complicated.