The requirements for affected IT systems of a business entity can be derived from data protection, commercial and tax law. Most ERP systems contain countless data relevant to commercial law, but personal data must also be recorded for documentation and traceability reasons. Examples are personnel data, supplier and customer data, GPS data and addresses. In addition, potentially personal data is diverse and not always easy to identify.

The KPMG Codebook is a solution for ERP systems from SAP to reconcile and fulfil the requirements of the German Commercial Code (HGB) and the General Data Protection Regulation (GDPR). The aim is to gain transparency of existing personal data, clarity on its age structure and associated retention periods, and to enable a process to ensure legal requirements are met with full usability of the remaining non-personal data.

For this purpose, the KPMG Codebook is fully integrated into the SAP system and has access to the database tables and to the metadata of the table fields. It only accesses tables actually used in the productive system and, on the basis of its set of rules, identifies whether personal data is stored in them. Not only SAP standard tables are searched, but also customer Z and Y tables. The comprehensive rule set comprises over 1,000 search terms. Because the KPMG Codebook looks at the structure and type of the tables rather than at their content, false positives can also occur. A large number of false positives are already known from the analyses carried out so far and are filtered out automatically (e.g. building names).

Project workflow

At the beginning of the project, we record the exact design of your IT landscape and your individual specifics in an initial workshop. The KPMG Codebook is then adapted for the modules used in the SAP system and in the in-house developments.

This is followed by the installation of the software on your SAP systems by our specialists. Once error-free integration has been ensured, the search run is started. The result is a representation of all tables and fields in the SAP system that potentially contain personal data. In our solution, we attach great importance to the fact that the actual table content does not need to be viewed during either processing or analysis. Only in exceptional cases, to clarify unclear analysis results, are sample data sets examined. The results are reviewed by one of our consultants. The hits are categorised into confirmed hits, false positives and fields where further queries are necessary for final classification.

False positives are added directly to the database of already known false positives. The fields that are relevant only to your systems are treated separately and are classified appropriately in future evaluations of affiliated systems. In this way, the KPMG Codebook is constantly learning: across SAP systems in general, and within your landscape in particular.

In the analysis results workshop, the results are presented, evaluated and finally classified. This forms the basis for the pseudonymisation of personal data. Our specialists develop the methodology for an ideal combination of continuous usability of the data and security in accordance with legal requirements. In doing so, exactly those fields that would allow conclusions to be drawn about an individual are selected for pseudonymisation. The remaining data is still available for evaluations and other statistics. Data integrity is maintained.

The original field values with the key (pseudonym) are entered in the codebook outside the SAP system and protected against unauthorised access. The original terms in the SAP system are replaced by the pseudonym. If it is necessary as a result of an audit or for other compelling reasons, the pseudonyms in the SAP system can be replaced at any time by the codebook with the original field values and then pseudonymised again.

Continuous determination of the age structure

The KPMG Codebook also determines the age structure of the entries and thus enables corresponding time classifications (e.g. by financial year) to be made. From the retention periods determined, the deletion dates can be derived. Once the retention period has expired, the implicit permission to hold the personal data also expires, provided that no legal hold issues have arisen in the meantime.

If the KPMG Codebook determines that the retention period for defined data clusters has been exceeded, the key in the codebook can be removed outside the SAP system. The entry in SAP would then be simultaneously anonymised, thus fulfilling the deletion requirements.
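The codebook mechanism described in the last two sections (pseudonym in SAP, original value and deletion date outside SAP, de-pseudonymisation for audits, anonymisation by removing the key) as an added illustration in Python; this is not the product's own code. The field names (NAME1, STRAS), the retention period and the assumption that the financial year equals the calendar year are constructed for the example.

```python
import secrets
from datetime import date

# Constructed demonstration of the codebook pattern: the SAP-side row keeps
# only a pseudonym, while the original value and its deletion date live in a
# codebook held outside the SAP system. Field names are assumed.

def deletion_date(record_date: date, retention_years: int) -> date:
    """Deletion date counted from the end of the financial year of the entry
    (assumption for this example: financial year equals calendar year)."""
    return date(record_date.year + retention_years, 12, 31)

class Codebook:
    def __init__(self):
        self._entries = {}  # pseudonym -> (original value, deletion date)

    def pseudonymise(self, record: dict, fields: list, record_date: date,
                     retention_years: int) -> dict:
        """Return a copy of the record in which the selected identifying
        fields are replaced by pseudonyms; originals go only into the codebook."""
        sap_row = dict(record)
        due = deletion_date(record_date, retention_years)
        for field in fields:
            # Random token, not derived from the value, so the SAP row alone
            # cannot be reversed without the codebook.
            pseudonym = "PSN-" + secrets.token_hex(8)
            self._entries[pseudonym] = (record[field], due)
            sap_row[field] = pseudonym
        return sap_row

    def depseudonymise(self, record: dict) -> dict:
        """Restore originals for every field whose key still exists (e.g. for
        an audit); fields whose key was already removed stay anonymised."""
        return {f: self._entries[v][0] if v in self._entries else v
                for f, v in record.items()}

    def expire(self, today: date) -> int:
        """Remove keys whose deletion date has passed. The matching SAP
        entries thereby become anonymous without touching the SAP table."""
        expired = [p for p, (_, due) in self._entries.items() if due < today]
        for p in expired:
            del self._entries[p]
        return len(expired)
```

The non-personal fields (supplier number, city) remain untouched and usable for evaluations before and after the key is removed.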

Through this process, the KPMG Codebook offers a number of great benefits:

  • Compliance with the GDPR and HGB
  • Restriction of access to personal and sensitive data
  • A defined process for pseudonymisation, de-pseudonymisation and anonymisation of personal data in SAP ERP systems
  • Full usability of the data even after the expiry of the retention period
  • Low ongoing expense after implementation of an initial project
  • Use of synergy effects for additional systems in the business entity’s own IT landscape

KPMG will support you all the way. As a reliable and experienced partner, we support you from the recording of the status quo, the analysis of the data, classification and selection to the implementation of pseudonymisation.

Please get in touch so we can present the KPMG Codebook tailored to your individual needs.
