Security Experts:

Connect with us

Hi, what are you looking for?



Onapsis Helps SAP Customers Check GDPR Compliance

Onapsis, a company that specializes in securing SAP and Oracle business-critical applications, announced this week that it has added automated GDPR compliance capabilities to the Onapsis Security Platform.

Onapsis, a company that specializes in securing SAP and Oracle business-critical applications, announced this week that it has added automated GDPR compliance capabilities to the Onapsis Security Platform.

The new functionality allows organizations using SAP products to quickly determine if they meet data protection requirements. The system is capable of identifying SAP systems that need to be compliant with the General Data Protection Regulation (GDPR), specifically systems that process or store user data. Onapsis believes a majority of SAP systems fall into this category.

Non-compliant systems are flagged by the Onapsis Security Platform and users are provided guidance on how to address the issue. Newly added systems that need to be GDPR compliant are automatically included in the next audit.

“In speaking to our customers, we know that GDPR is a complicated mandate and many organizations are struggling to determine if or how their SAP landscapes are relevant,” said Alex Horan, Director of Product Management at Onapsis. “With this in mind, Onapsis’s newly released audit policy within the Onapsis Security Platform (OSP) automatically evaluates any SAP system through the lens of the data protection requirements of GDPR. This includes both data at rest, data in transit and the assessment of data access or authorizations.”

GDPR, expected to come into effect in May 2018, requires businesses to protect the personal data and privacy of EU citizens. While the regulation is designed to protect the data of EU citizens, it affects organizations worldwide. Failure to comply can result in penalties of up to €20 million or 4% of global profit.

A study conducted earlier this year by the UK & Ireland SAP User Group showed that 86% of SAP customers did not fully understand the implications of GDPR. More than half of respondents said the increasing use of cloud technology and workforce mobility increased their compliance challenges.

SAP recommends its GRC (Governance, Risk, Compliance) solutions for ensuring GDPR compliance, and nearly half of the respondents taking part in the SAP User Group study had been leveraging SAP GRC. Many of those who had not used it believed GRC was either too expensive or too complicated.

Related: RSA Unveils New GDPR Compliance Offerings

Related: SAP Patches Critical Issues With November 2017 Security Updates

Related: 75 Percent of U.S. Companies Think GDPR Doesn’t Apply to Them

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.