Okadis EU-DSGVO Cockpit
Recertification: 03/2023
okadis Consulting GmbH is the manufacturer of the software tool EU-DSGVO Cockpit. This tool can be integrated into an existing SAP installation as an additional module to support GDPR compliance. Users can easily get an overview of all personal data stored in SAP-based ERP systems and deploy effective restriction (blocking) and anonymisation functionalities with the help of the tool.
The okadis EU-DSGVO Cockpit has been developed for ERP systems in the banking sector, but can also be used with other SAP applications in other industries. Its focus lies on personal data for business partner management and the associated business-related data (such as loans, posting documents or securities).
okadis EU-DSGVO Cockpit
v2.1
Qualification: IT product
View the okadis EU-DSGVO Cockpit certificate
EP-P-ZCBYHE
15/03/2023 – 31/03/2025
Initial Certification on November 03, 2020
2023 Short Public Report okadis EU-DSGVO Cockpit [PDF]
2020 Short Public Report okadis EU-DSGVO Cockpit [PDF]
okadis Consulting GmbH
Kölner Str. 12
65760 Eschborn
Germany
okadis EU-DSGVO Cockpit has been specifically developed to facilitate compliance with legal provisions related to data subjects’ rights.
As the controllers for the respective processing of personal data, users are responsible for the legitimacy of such data processing.
Users can add the okadis EU-DSGVO Cockpit as a separate module to an existing SAP system. The tool facilitates the effective restriction and anonymisation of personal data. Via a decision cockpit, the user can execute filter, restriction (blocking) and anonymisation functions. The ToE (target of evaluation) uses the same data basis as the SAP system of the respective client. However, no data from the client’s SAP system is stored in the okadis EU-DSGVO Cockpit. Rather, all data remains within the SAP system itself.
To use the restriction and anonymisation functions of the ToE, personal data must be identified in the relevant services (database tables) of the client’s SAP system. In general, this may pose a challenge, since SAP systems are usually structured so that each application has its own modules with its own data repository. okadis EU-DSGVO Cockpit, however, is capable of displaying personal data stemming from different SAP applications. What is more, the tool allows for the analysis and filtering of information indicating the need for restriction of processing and deletion of personal data in compliance with data protection law and legal retention periods.
So-called decision trees represent the criteria according to which it is determined whether personal data must be restricted and/or deleted / anonymised. okadis Consulting GmbH provides users of the ToE with a standard decision tree as a template.
Anonymisation serves as the means of choice to comply with Art. 17 GDPR, since the deletion of all relevant data in SAP systems may, e.g., corrupt referential integrity and thus lead to a high error rate in the further operation of the system. The anonymisation is performed directly by the cockpit and runs through a standardised anonymisation procedure (“random”) programmed by okadis Consulting GmbH.
It must be highlighted that the business partner numbers in SAP are not subject to the anonymisation. These numbers serve as a central ID in SAP and are automatically assigned sequentially by the SAP system. Their anonymisation would jeopardise the functionality of the SAP system, which is why they remain in the system together with the anonymised data. Users are made aware of this in a privacy hints leaflet. This leaflet makes it very clear that an export of the business partner numbers and the related personal data would bear the risk of an unlawful re-identification of anonymised data within the ToE at a later point. The leaflet asks users to refrain from such data exports and to raise the awareness of all relevant staff of this issue.
For details, see below.
Since the certification in 11/2020, okadis EU-DSGVO Cockpit (v2.1) has not been modified.
The minimum requirement for the use of the okadis EU-DSGVO Cockpit is SAP Release 740 with Support Package (SP) 0020 and the use of the SAP Business Partner (BP). The platform to be used is SAP NetWeaver.
For the blocking (restriction of processing) function, a connection to SAP ILM (information lifecycle management) with the following business functions is required:
– BUPA_ILM_BF (ILM-based blocking and deletion of business partners)
– ERP_CVP_ILM_1 (ILM-based blocking and deletion of customer and supplier master data)
– ILM_BLOCKING (general ILM blocking functionality)
– ILM (information lifecycle management)
The target of evaluation (ToE) of this certification consists of the following components:
Not part of the ToE are
Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Alisha Gühr
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Germany's first certification for processors under Article 42 GDPR.
© All Rights Reserved.