SAP system copies, anonymization in compliance to GDPR

How can realistic tests be conducted when production data may not be used?

Personal data rightly deserve a high level of protection, not just since the Data Protection Act. In line with the purpose limitation of personal data, only data that are required for the specific business purpose may be processed, and only by a group of persons with a justified interest. For production environments, this is a process/organizational issue and, of course, also a matter of authorization.

But what about non-production environments? In practice, test systems are often updated with classic system copies, i.e. production data in non-production environments. Normally, many non-authorized users (developers, consultants, admins) have access to real data, which may be out of date, but still remains personal.

This confronts companies with a critical situation: on one hand, the test system must contain realistic data to enable useful testing, but on the other hand, no real data may be used. But how can realistic testing be carried out in test environments without real data?

This can be solved by anonymizing data so that they no longer have any concrete personal reference. It is an optimal method to provide test data according to the applicable requirements while avoiding risks regarding the Data Protection Act and operational data protection, security, and compliance. This sounds simpler than it is, because above all, it is important to continue to pay attention to reasonable and logical consistency, both within the system and across system boundaries within the landscape.

Libelle SystemCopy & Libelle DataMasking – a strong team for GDPR-compliant system and landscape copies

With this team of software solutions, you can update and anonymize your non-production systems with fresh production data, in compliance with data protection regulations (DSGVO), at any time, end-to-end. Automation and optimization reduce the effort and processing times of homogeneous system and landscape copies tremendously. Critical and sensible data are anonymized consistently, taking logical connections into account. Downtimes of the target systems are minimized, and the implementation can be carried out without the need for technical specialists.

The result is realistic, logically correct, and system-wide consistent data for the development and testing of software and business processes, across all platforms, both for SAP and non-SAP systems.

Based on our best practices from a variety of implementations, Libelle SystemCopy and Libelle DataMasking can usually be integrated into your environments in as little as 2-3 days.