SAP GDPR Data Analysis

2bm Sap gdpr data analysis

2BM’s SAP GDPR Data Analysis provides companies with an estimation of personal data protection in SAP. Included in the analysis, is an overview of the costs and resources associated with the implementation of the required technical and organizational measures needed to ensure GDPR compliance on the SAP platform for six specific areas, down to the technical fields including the legal basis and the retention period documented for each type of personal data. This is necessary to choose the appropriate activities for the implementation of GPDR compliance in SAP. Based on this information, your company will be able to decide which approach best fit your needs when considering cost versus risk for each technical measure on each system.

With GDPR project experience gained from our work with more than 10% of Scandinavia’s SAP ERP customers, we have built extensive knowledge on how to tackle the complexity of GDPR compliance in SAP. This knowledge combined with analysis of your data, enable us to estimate the extent of needed activities across the platform.

With 2BM’s SAP GDPR Data Analysis, the following technical measures are investigated in detail and solutions are provided, either through our own 2BM GDPR Suite, SAP Standard or through our partners:

Subject Access Report

  • Can your company deliver a Subject Access Report in time upon request (30 days).


  • Are you able to provide sufficient documentation of Who, What, Where, When and Why regarding personal data in SAP? With our analysis and solutions, we enable you to monitor and act accordingly before an incident may occur.


  • With 2BM Data Discovery tool, extensive SAP knowledge, and experience from many projects, we can perform an in-depth analysis of your system and its data.

The analysis covers:

  • Over 1.000 tables from all modules are included out of the batch
  • All own developed tables
  • All fields from standard and own developed tables are analyzed concerning personal data or sensitive personal data
  • Total number of registrations for each field is documented
  • Total number of rows for each table in documented
  • ILM/Archive object pr. table identified
  • Standard deletion program pr. table identified


  • The Authorization analysis focus on access to edit and read areas with personal data. Authorization with access to personal data areas must be clearly defined to job descriptions and only assigned persons who need the authorization to fulfil their job. With the analysis, we will identify these areas and make clear recommendations to your existing authorization concept.

IT security

  • With our IT security analysis your configuration parameters are investigated and mapped against our best practice ruleset. Our ruleset contains over 50+ parameters and its recommended settings, all mapped towards GDPR Compliance. Through one of our partners, we also have the possibility to make the IT security analysis even broader, by utilizing 3rd party software, we can not only look at security parameters, but also code inspection and transport configuration. The purpose of the analysis is to detect vulnerabilities on the system and minimize the risk of these.

Data anonymization

  • Recommendations on how to scramble personal data when copied to non-production systems.

The approach for the SAP GDPR Data Analysis is defined by 2BM and is 2BM’s interpretation of the requirements in GDPR.

The technical measures investigated are 2BM’s interpretation of the requirements set in article 5 of the General Data Protection Regulation (REGULATION (EU) 2016/679) and other articles.

With the 2BM’s SAP GDPR Data Analysis your get:

A report with full disclosure of the results found in the analysis including:

  • Subject Access Report
  • Logging
  • Authorization
  • Deletion
  • IT security
  • Data Anonymization

Estimation of the implementation of each technical measure is based on the analysis

  • Manual approach
  • Best practice/Customer specific




Related Events & News

Ny bestyrelsesformand til 2BM

En af de 100 vigtigste kvinder i Danmark blev den 23. april 2019 valgt som bestyrelsesformand hos SAP Konsulenthuset 2BM A/S: Caroline Søeborg Ahlefeldt, seriel iværksætter, CEO og bestyrelsesformand for Donkey Republic A/S og bestyrelsesmedlem hos Hartmanns A/S, Aarhus Universitet og Copenhagen Contemporary m.fl.

SAP License Compliance Conference

17 May - Stockholm 18 May - Copenhagen  Probably the first conference focusing only on SAP licensing. Come and join 2BM SAP License Compliance...

Nordic SAP GDPR Conference 2019

Join us at the Nordic SAP GDPR Conference in Copenhagen. The conference will focus on insurance of continuous GDPR compliance in SAP. 15 sessions – speakers from 2BM, Danish Defense Intelligence, PwC, Onapsis/Virtual Forge and SAP.

Webinar – GDPR compliance in SAP

In a new series of 1-hr webinars, we will educate you in the different approaches to achieving GDPR compliance in SAP – including implementation approach.

Webinar – HCM GDPR Compliance in SAP and SuccessFactors

GDPR Compliance with SuccessFactors Privacy Center. Many companies are struggling to become GDPR compliant before the deadline – 25 May 2018. Join this webinar to hear how we are helping our customers become GDPR compliant.

Webinar – GDPR House Cleaning in SAP HR

Join this webinar to learn the tricks on how to get started on house cleaning – get immediate value of your GDPR activities. It is a GDPR Requirement that personal data that is no longer needed for the primary processing purpose must be deleted – unless there are other retention periods defined by law or contract, in which case, the data has to be blocked.

United VARs Annual Meeting 2019

The United VARs Annual Meeting is coming up, and we thought we would recap last year’s Annual Meeting!

GDPR Compliance i SAP – Nordic SAP GDPR Conference – 23 May 2018

Nordic SAP GDPR Conference in Copenhagen will focus on how to be GDPR compliant in SAP. The Keynote will be held by Volker Lehnert, who is responsible for the development of GDPR functionality in SAP S/4HANA including Information Lifecycle Management (ILM) and other tools.

Webinar – Subject Access Reporting in SAP

Join us for a 30 minutes webinar, going through how 2BM Subject Access Report for HR can help organizations speed up the process of delivering a Subject Access Report.

Webinar – SAP GDPR Compliance

Comply with the GDPR for data retention with SAP Information Lifecycle Management, which is now license free. Join our 1-hour webinar to learn the different approaches on how to streamline your IT infrastructure and minimize risk by controlling your data in SAP.

Share This