A smarter way to find Personal Data in your ERP or CRM systems for GDPR
Data management, GDPR and the status quo
We have just released the latest version of Safyr® which contains new features which have been largely driven by the need to deliver ERP or CRM metadata for GDPR.
Whilst Safyr has been available for many years and has been used by hundreds of organisations, there are those who have either not found the product or not heard of it.
Some of course have seen the product and decided not to use it, which is sometimes puzzling given the requirements they have for discovering the metadata in those packages and the lack of any sensible alternatives to Safyr.
Some time ago I showed our metadata discovery software product to a senior project architect from a large Systems Integrator. At one point during the demonstration he became very quiet and I asked him what was the matter. “Nothing”, he replied, “it’s just that I have 12 consultants on a single SAP project trying to do over the next few months, what Safyr does in an afternoon.”
Unfortunately their business model did not permit them to change course and use Safyr to deliver what the customer needed. However that story continues to come back to me from time to time when we talk to customers about what our software does and they are deciding whether to stick with their status quo or do something different for metadata discovery to support their data initiatives.
As anybody involved in promoting change will know, the biggest challenge is “doing what we have always done”. In other words, it is commonly not until the system (status quo) feels sufficiently threatened that real change happens.
I was thinking about this in the context of GDPR recently. It is possible that the requirements for compliance with the European Union’s General Data Protection Regulations will be a catalyst for change in the way many large organisations collect, manage and protect personal data.
Why will GDPR accelerate change?
Unlike many regulations in the past the potential penalties for non compliance are much a larger and potentially classed as material from an accounting point of view.
Imagine being a Chief Financial Officer or Chief Executive Officer and having to explain to your shareholders why you have had to pay 4% of global turnover to the regulator and what damage that has done to the value of your global brand and future prospects. The risk is too big to ignore. GDPR represents the type of compelling event faced by organisations of all sizes which prompts, or necessitates change.
In addition there is an argument that putting more effective processes in place for managing data in order to comply can lead to better outcomes for a business.
Hopefully companies are taking the problems associated with GDPR seriously. Many have been on this path for a while. If you have only recently started however, then time is short in which to be able to demonstrate compliance as the date when the regulations come into effect is May 2018.
For those large organisations which are only recently coming to the party it is probably time to start thinking about using software tools to automate as much of the work as possible. It is too late to simply employ battalions of consultants as they are unlikely to be able to physically get through the work required in time.
Needles in haystacks? Where is the Personal Data in your ERP and CRM systems?
One of the challenges organisations are likely to face in the race to GDPR compliance is knowing where Personal Data is stored in their systems. In many instances this is quite easy to determine.
However, if your organisation is running enterprise CRM or ERP applications from SAP, Oracle, Salesforce, Microsoft or others then it will be more of a challenge, especially if you do not already know its location. This is because of the size, complexity and level of customisation of their underlying data models. Also in most cases the metadata is opaque because the database System Catalogue provides nothing useful in the form of business names for tables and fields and no information about table relationships.
As an example, SAP Business Suite contains over 90,000 base tables before customisations are made and more added. Tables have ‘useful’ names such as KNA1, MANDT and TZPA.
SAP provides no easy way to search and navigate this huge data model. Similarly Information Management software vendors do not have tools for this task and usually rely on internal expertise and external services personnel to deliver this information.
This is why it would take a significant amount of resource and time to locate Personal Data in any of these systems.
Continuing the SAP based example for GDPR, you might need to know where any attribute which contains the string “birth” exists in your SAP system and then determine whether it is relevant for compliance. Without a product designed for this task, finding that metadata could take days, weeks or longer.
Safyr is just such a product and allows this sort of search to be completed in moments. As you can see in the image above, our development SAP environment “birth” occurs 25 times. Safyr may give results at variance with these if it extracted the metadata from your system as it might be based on different version or contain your own customisations.
Now it is easy to create a subset, or Safyr Subject Area, called “SAP birth attributes” (highlighted in the image below) which contains the tables that contain that information and restrict the results to only the marked fields containing “birth”.
In the image above you can also see that in some tables eg. PA0177, the attribute “birth” appears more than once. Being able to focus in on these specific areas so quickly gives you more time to identify which are relevant for compliance.
From here it is simple to export the results to Excel, using Safyr’s new Metadata Reporting module, or to modeling tools, or for use with metadata management and information governance tools and solutions.
Contrast this with the manual, time consuming and often expensive methods commonly associated with data discovery and hopefully you can begin to see how Safyr makes such a valuable contribution to the delivery of many Data and Information Management projects. Safyr means that you are always working with your own metadata, as implemented, reducing the risk of inaccuracies being introduced.
Learn more about how Safyr and how its key new features support GDPR and PII for ERP & CRM
“Progress is impossible without change, and those who cannot change their minds cannot change anything.” George Bernard Shaw
Roland Bullivant
Silwood Technology Limited
Leave a Reply
Want to join the discussion?Feel free to contribute!