Press Release

Onapsis Helps Organizations Map SAP Data to GDPR Compliance Requirements

Boston, MA – September 21, 2017 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today released “SAP and GDPR: Keeping your Organization Ahead of the Upcoming EU Law.” With the GDPR enforcement date of May 2018 and steep fines of up to 4% of profit or €20 million looming, organizations are still struggling to understand this policy and how they will adhere to it. This guide aims to provide SAP customers an overview of GDPR, how it affects them and how they can begin a plan to become compliant.

Research conducted by the UK & Ireland SAP User Group shows 86% of SAP users do not fully understand how GDPR will affect their SAP landscapes and how to reach compliance. It is almost certain GDPR will have an impact, in some way or another, on any company large enough to have chosen SAP, which touches all aspects of the business. In fact almost every SAP system includes GDPR’s core element: personal data.

“SAP and GDPR: Keeping your Organization Ahead of the Upcoming EU Law” will take a deep dive into how these mandates affect SAP specifically. It examines the types of personal data and where it may be stored in the SAP human capital management system, as well as other “infotypes” to consider including customer data, vendor data, partners, credit cards and user administration.

“At Onapsis we have received numerous questions and requests from our customers who are wondering if SAP needs to be included in their GDPR readiness plans. The truth is, SAP handles many different types of personal data, ranging from customers and employees to partners, and should absolutely be considered when organizations are dealing with compliance mandates. In fact these companies are finding that gearing up for GDPR will not be a mere tweak of the current company privacy policy but rather a complete overhaul of existing business processes. With help from our customers we have been able to build specific GDPR compliance checks into the Onapsis Security Platform to allow for a quicker and more automated way to check if their SAP landscapes are in compliance,” said Alex Horan, Director of Product Management, Onapsis.

Sebastian Bortnik, Head of Research, Onapsis, adds, “With the growing trend in cyberattacks targeting SAP applications, most organizations are moving past relying completely on roles and profiles (SoD) and GRC for their security management and adopting a more complete security strategy. For any organization that has done a vulnerability analysis or truly identified where the key personnel or employee information rests in SAP, they know already that GDPR is relevant to these systems. The goal of this guide is to show SAP customers where they can look in their SAP implementations to discover if the data is there and the steps they can take to not just ensure compliance, but secure this data from inside and outside threats.”

“SAP and GDPR: Keeping your Organization Ahead of the Upcoming EU Law” is now available for download.

About Onapsis Research Labs™

SAP and Oracle Security Threat Intelligence is produced by Onapsis Research Labs, a team of leading security experts who combine in-depth knowledge and experience to deliver technical analysis with business context and provide sound security judgment to the market. The team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers and has released over 150 advisories to date, with over 100 affecting Oracle EBS; has consulted on impact with over 180 Onapsis enterprise customers; and regularly presents at leading security, Oracle and SAP conferences around the world. Onapsis was the first to deliver “SAP Security In-Depth” publications that provide detailed analysis on security risks impacting SAP and SAP HANA and are now the first to deliver “Oracle Security In-Depth” publications focusing solely on Oracle application security.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses. Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cybersecurity solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.