Organizations are facing growing challenges in meeting the data privacy compliance requirements associated with mandates like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) (taking effect in 2020). Apart from these, several U.S. state-specific regulations are expected to go into effect in the coming months.
The impact of these regulations is significant. Organizations must now keep track of where and how they obtain personally identifiable information (PII), from the moment they obtain it through the life of its retention. They are also required to maintain records of data processing, consent forms and many other documents. All of these factors are naturally increasing the time needed to successfully complete an audit, all while new mandates are simultaneously minimizing the time allotted to complete the same audit. This new regulatory environment is putting pressure on organizations to find new strategies for managing and reporting on PII access and usage. Needless to say, the PII once gathered with precision and coveted as a valuable asset has now become a liability with a distinct holding cost.
Are companies truly equipped to handle Data Privacy Compliance requirements?
The answer is no. Recently, many companies have come under fire for data breaches.
Marriott is facing a hefty fine of $123 million for a data breach in 2018. British Airways, too, faces a $230 million fine under GDPR (for weak data security policies resulting in a breach). While this accounts for 1.5% of British Airways’ annual revenue, regulatory fines can go up to 4% of an organization’s annual revenue.
How to Manage ERP Audits when the Deck is Stacked Against You
Traditional, on-premise ERP systems were not built with logging capabilities aligned to understanding PII usage. Logs were meant to troubleshoot, find system errors and ensure applications were running properly. The PII inside the system was not a factor, and understanding access and usage was irrelevant.
Organizations will now be forced to perform audits more frequently and in a more precise manner, while leveraging ERP systems that require the triangulation of multiple reports (exponentially increasing audit times) just to get a basic understanding of usage. As a result, the overall cost of an audit has skyrocketed.
ERP Compliance Audits Can Actually be Cheaper and Faster than Once Believed
With this new data regulatory landscape in mind, organizations must look to enhance their audit capabilities by turning their attention to logging strategies dedicated to data usage (not just system performance).
Appsian’s Security Platform for PeopleSoft and SAP takes data access into account by adding granular logging capabilities that track user behavior and data access and then aggregate trends into easy-to-consume analytics dashboards. All of this is designed to provide the same snapshot into usage that once took weeks to aggregate manually with traditional logging capabilities but, with Appsian, can now take a matter of minutes.
With Appsian, your ERP audit strategies can now scale to match the time and resource allocation demanded by new and upcoming data privacy mandates. And because these strategies can be integrated into traditional ERP systems that may (at one time) have been viewed as an audit liability, the life of your legacy ERP system can be extended, thus maximizing your ROI and sparing you from being forced into an expensive and resource-draining rip-and-replace project.
To learn more about Appsian and how our Security Platform can help your organization prepare for data compliance audits, Contact Us.