Silwood Technology, provider of Safyr metadata discovery software, has turned its attention to how firms running vendor application packages can meet the May 25, 2018 compliance deadline for General Data Protections Regulation (GDPR).
The company has researched five large and widely used application packages – SAP, JD Edwards, Microsoft Dynamics AX 2012, Siebel and Oracle E-Business Suite – to determine how difficult it will be to identify personal data in the applications (rather than databases) as required by GDPR. The terms data of birth and social security number were selected for research purposes, although many other elements of personal data could be used, and searches were performed to see how often they appeared. Safyr retrieves metadata about each application from the application layer, including any customisation, and can return searches in a few minutes.
Silwood’s research looked at several instances of each package to provide an indication of how many occurrences of each personal data field might be found in a typical system. By way of example, it found there are typically more than 90,000 tables in a SAP ERP system and over 900,000 fields. Social security number appeared in over 900 tables and date of birth in over 80 tables.
Nick Porter, founder and technical director at Silwood, points out that less than 1% of a typical SAP system contains personal data, but it could cause GDPR data breaches costing an organisation up to 4% of its annual turnover. While some firms are approaching the discovery of personal data manually, Porter argues that at this stage in the GDPR game, automation is the only way to reach compliance on time.
He says: “Silwood and Safyr are a small, but important part of GDPR compliance. The market is short on data discovery tools, which are often the elephant in the room, but we bring automation to identifying personal data, not just for GDPR, but for programmes that need to govern data but must first find the data.”
Safyr acts as a repository of metadata from a vendor package and identifies where the data is in the system. With the data discovery task done, Silwood exports the metadata to partners and resellers offering data analysis and governance for GDPR. These include ASG Technologies, IBM, Adaptive, Datum and Erwin, many of which use Safyr as a scanner for personal data embedded in vendor application packages.
Silwood has also released a Safyr GDPR Starter Pack for SAP users trying to find personal data in their ERP systems and will soon release a starter pack for JD Edwards. Starter packs for the other vendor applications mentioned above are in development.