Onapsis, a company that specializes in securing SAP and Oracle business-critical applications, announced this week that it has added automated GDPR compliance capabilities to the Onapsis Security Platform.
The new functionality allows organizations using SAP products to quickly determine if they meet data protection requirements. The system is capable of identifying SAP systems that need to be compliant with the General Data Protection Regulation (GDPR), specifically systems that process or store user data. Onapsis believes a majority of SAP systems fall into this category.
Non-compliant systems are flagged by the Onapsis Security Platform and users are provided guidance on how to address the issue. Newly added systems that need to be GDPR compliant are automatically included in the next audit.
“In speaking to our customers, we know that GDPR is a complicated mandate and many organizations are struggling to determine if or how their SAP landscapes are relevant,” said Alex Horan, Director of Product Management at Onapsis. “With this in mind, Onapsis’s newly released audit policy within the Onapsis Security Platform (OSP) automatically evaluates any SAP system through the lens of the data protection requirements of GDPR. This includes both data at rest, data in transit and the assessment of data access or authorizations.”
GDPR, expected to come into effect in May 2018, requires businesses to protect the personal data and privacy of EU citizens. While the regulation is designed to protect the data of EU citizens, it affects organizations worldwide. Failure to comply can result in penalties of up to €20 million or 4% of global profit.
A study conducted earlier this year by the UK & Ireland SAP User Group showed that 86% of SAP customers did not fully understand the implications of GDPR. More than half of respondents said the increasing use of cloud technology and workforce mobility increased their compliance challenges.
SAP recommends its GRC (Governance, Risk, Compliance) solutions for ensuring GDPR compliance, and nearly half of the respondents taking part in the SAP User Group study had been leveraging SAP GRC. Many of those who had not used it believed GRC was either too expensive or too complicated.
Related: RSA Unveils New GDPR Compliance Offerings
Related: SAP Patches Critical Issues With November 2017 Security Updates
Related: 75 Percent of U.S. Companies Think GDPR Doesn’t Apply to Them

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
