SAP® GDPR Solutions
GDPR – KVKK
What is Melasoft SAP KVKK-GDPR Solution?
Data security auditing has increased significantly in EU member states and Turkey with the General Data Protection Regulation (GDPR), and the Turkish Law on Protection of Personal Data (KVKK). The increase in cyber crimes such as data theft has brought the need of a more detailed authorization structure.
Regulations such as KVKK and GDPR and related secondary regulations have brought the obligation to control the access to personal data and sensitive data. The protection of personal data, which is generally used in ERPs, and full compliance with KVKK-GDPR regulations are complicated and difficult processes. The successful management of the processes such as proper processing and Explicit Consent management at the same time requires proficiency and experience in the SAP field.
Melasoft SAP KVKK-GDPR Solution is developed by Melasoft R&D Center in order to prevent and protect the unauthorized access to the personal data processed within the system and to provide an up-to-date Explicit Consent Management, in full compliance with the KVKK and GDPR. It allows the management and follow-up of sensitive, confidential and critical data of businesses. Melasoft SAP KVKK-GDPR Solution provides legal compliance and operational solutions such as masking or anonymization of downloaded data, sensitive data access reports, demand management system for the rights of the person concerned. It allows the management and follow-up of sensitive, confidential and critical data of businesses. After test processes completed succesfully, our solution developed for multinational and local companies has been included in the Melasoft product portfolio.
Explicit Consent and Actual Data Management
According to Article 3 of the KVKK, explicit consent is defined as “consent regarding a specific subject, based on information and declared with free will”. In the Constitution, explicit consent is emphasized as a prerequisite for processing personal data by stating that “Personal data are only regulated in cases stipulated by law or with the explicit consent of the person”.
According to the KVKK, explicit consent is one of the reasons for compliance with the law both in terms of private personal data and non-special personal data. Explicit consent is required to process personal data either sensitive or not and to transfer of the personal data domestically and/or abroad.
-
With the Melasoft GDPR Portal, you can prepare the consent text for your customers, vendors, employees and all partners just by dragging and dropping and send this text to the addressee by e-mail.
-
You can send reminders for unresponded e-mails within a certain time.
-
You can report incoming answers and transfer them to your SAP System. You can delete and anonymize data according to the responses transferred to the SAP system.
-
You can make wet-ink signature document mandatory on the portal, or you can save the consent information in the transaction records by keeping the submitted file.
-
All our documents are stored on the Amazon platform.
-
Moreover, in accordance with Article 16 of the Law, we inform the maximum period required for the purpose of processing personal data when applying for registration to the Data Controllers Registry.
Demand Management System
With the Demand Management System, you can receive request forms of data owners online through your company’s WEB sites.
-
You can make wet-ink signature document mandatory on the portal, or you can save the consent information in the transaction records by keeping the submitted file.
-
You can get reports about incoming requests and examine them in detail.
-
You can set Automatic Reminders.
ALV-GUI Masking
-
In the SAP Platform, data can either be created with 3rd party system integrations, or can be created and edited by authorized persons.
-
With the Melasoft SAP KVKK-GDPR package, we create area-based masking and control in the system. In case of unauthorized access to any screen we mask the data.
Data Transfer Monitoring
With Melasoft Download Monitoring, Gui Download, Mail Submission, RFC and ODATA & Rest API, IDOC submissions are controlled for transferring of personal data to external systems.
We check the data during Gui download or mail sending processes while transferring personal data to external systems and mask the relevant fields. In addition, we log the people who downloaded the files, and prevent the download of sensitive data with customization.
-
We hide sensitive areas by masking.
-
In addition to the system logs, we log file downloads and according to customization, we can also log file inventory.
-
With customization, you can add new fields and log data downloads
-
While transferring your data abroad via SAP, you can check the data with the IDOC scanner from our related tables and check the authorization of the relevant partner.
Sensitive Data Access Reporting
Monitoring the access to classified data in SAP systems is becoming increasingly important. End users might work with SAP data outside the boundaries of corporate networks.
Corporate data might be threatened by cybercriminals, hackers, cyber spies, and terrorists trying to use confidential data for financial gain or more ideological or national interests.
-
Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership of associations, foundations or trade-unions, information relating to health, sexual life, convictions and security measures, and the biometric and genetic data are deemed to be sensitive data.
-
We provide reports of sensitive data by activating access logs on SAP. Data can be easily reported upon the request of the person concerned.
-
With customization, we can prevent the download of sensitive data.