Tips to Ensure Data Security and Privacy During Business Transformation
By Roger Elwell, Vice President, Strategic Partners and Alliances at SNP Link to article: https://www.cybersecurity-insiders.com/tips-to-ensure-data-security-and-privacyduring-business-transformation/
The complexity of digital transformation processes, like M&A and divestitures, leaves sensitive data vulnerable – open to the risk of being lost or hacked. During digital transformation projects, companies need to take steps to ensure that their data is safe and protected.
Companies must ensure a smooth transition when making a move to new application systems, and that includes setting up processes to safeguard sensitive data. Companies can help ensure data security and compliance by implementing best practices, such as conducting a thorough inventory to determine no personal data is being collected, adequately backing up data, and protecting it with appropriate security measures.
It’s a complicated undertaking, to say the least. How exactly do data privacy concerns play out during business transformation? Let’s take a look at an example to bring the issue to life and explore some ways companies can ensure security throughout their projects.
Illustrating the challenge
Whether it’s happening as a result of a merger or carveout, privacy issues around data migration are more complex than they appear. For example, when a company divests a few business units, what happens to the data housed in its enterprise resource planning (ERP) software, which is often SAP?
When the company sells off the business units, they are more likely to separate the divested units’ data from their production SAP landscape. According to the sales agreement, as is often the case, the seller must hand over the data for those business units in an SAP system. If this handover isn’t handled properly, data privacy issues come into play.
The seller may be tempted to simply create a copy of the data. It seems like the most straightforward approach since a copy would contain all the necessary data, functional add-ons, analyses, and reports. But, creating a copy of the data would also expose them to significant compliance issues, since that copy would also include all the data for the selling company. For compliance reasons, some of this data must be deleted from the copy.
Custom programming can address some of these issues, but it cannot guarantee the deletion of all the data or full compliance with data privacy laws. Furthermore, it also cannot ensure that the carved-out master and transactional data won’t affect the system’s integrity post-migration.
Besides, custom programming is only the least costly approach if the transferring unit has roughly the same amount of data as the rest of the company. But in most cases, the divested units only account for 5 percent to 10 percent of the total data volume.
That means that more than 90 percent of the data and organizational units need to be deleted from the system copy. And the Spinco data may be intertwined with Remainco’s at lower entity levels (e.g., plant, product level, etc.), further adding to the complexity.
Tips for safe transfer
The good news is that companies don’t have to rely only on custom programming. There are more reliable alternatives companies can choose to help them solve these challenges. Here are a few steps the seller in the above example could take to safely transfer the company codes, that would apply in many similar scenarios:
• Transfer all specified data to the divested unit’s system.
• Ensure that sellers only hand over data that belongs to the transferring organizational unit.
• Remove, either by deleting or anonymizing, specific data for the new company from the source system, as required by the relevant laws and regulations.
• Selectively transfer data for the divested units to an SAP system that uses the copied customizing settings from the source system.
• Only delete master and transaction data if it is uniquely assigned to the carved-out business unit.
Automating data migration processes helps reduce risk
Investing in automation can also help solve the security and compliance challenges involved in massive data migration. Here’s how automation helped one company ensure compliance during a series of data conversion projects.
After a series of acquisitions that brought entirely new client portfolios into their business, Jones Lang LaSalle (JLL), a financial and professional services firm specializing in commercial real estate services and investment management, needed to convert and integrate large sets of sensitive financial data. All the historical and master data needed to be available for forecasting, compliance reporting and financial reporting integrity. And, of course, availability of this data was key to ensuring service to new clients, while also maintaining JLL’s ability to complete transactions already in progress.
By partnering with an automation-driven transformation company, JLL was able to reduce the risks involved in merging and integrating the historical data. Additionally, automation helped JLL maintain the security and integrity of that historical data throughout the conversion process. Maintaining accurate financial transaction history was essential to helping JLL ensure compliance.
Keeping data safe during digital transformation projects is complex, but by following these tips, companies will be well-positioned to maintain compliance throughout the process. Automation can help reduce risk overall, but it’s essential that companies make sure they’re protecting sensitive customer and company data no matter what path they choose.
As Vice President of Strategic Partners and Alliances, Roger leads the SNP North America partner channel that delivers SNP’s BLUEFIELD™ approach for SAP S/4HANA to enterprise customers. Roger formerly led the North America sales organization that launched SNP’s software transformation solutions to Fortune 100 enterprises that accelerated their large M&A and SAP systems migration projects. Prior to SNP, he co-founded and was COO of GL Associates, a systems integrator delivering Oracle/JD Edwards ERP and software development solutions servicing the Fortune 500, and Cetova financial reporting software until their acquisitions by SNP in 2013.