Test Data Migration Server (TDMS)
Qualification: IT product
25/09/2012 until 30/09/2014
Not applicable (IT product)
Data avoidance & minimisation
TDMS facilitates data avoidance and minimisation by providing efficient functionalities to reduce and scramble personal data. Temporary data on the sending system (production system) are deleted immediately after the transfer of data to the receiving system.
Users of TDMS v4.0 (who qualify as data controller) are informed about relevant data protection issues by means of specific notes on data protection. Details of the scrambling process are described in a particular document that is made available to users.
TDMS v4.0 facilitates privacy-compliant use. Responsibility for the processing of personal data by means of TDMS lies with the user of the product who is the data controller. In particular, the responsibility to check whether adequate data reduction and scrambling rules are applied (on a case by case basis) remains the task of the user.
Test Data Migration Server (TDMS) is a software that transfers relevant business data from an SAP production system to a development, test, quality assurance, or training system (non-production system).
By means of TDMS users may reduce the amount of data to be transferred to a non-production system to the extent strictly necessary for the particular purpose. In addition, TDMS enables users to perform data scrambling to data that are to be transferred.
The focus of TDMS is scrambling. (Personal) data may be scrambled (e.g.) by means of deleting or randomly modifying data values and by inheriting scrambling rules for single data fields to other data fields. Users may make use of some predefined scrambling rules (in particular for SAP ERP HCM) and/or define rules on their own.
It is the user's responsibility to assess the appropriateness of the applied scrambling rules in each single case. It is important to check whether the application of the defined scrambling rules results in an anonymisation or pseudonymisation of personal data. The use of predefined scrambling rules does not always guarantee proper anonymisation and/or pseundonymisation of personal data. If users want to initiate the transfer of data to a non-production system without having specified any scrambling rules, they will receive an alert.
Prior to the scrambling of data, users may reduce the amount of data to the extent strictly necessary for the respective purpose ( e.g., by means of selecting only data originating from a specific time period).
Target of Evaluation (ToE) is TDMS v4.0. The ToE includes the following components:
Ralf von Rahden
datenschutz cert GmbH
Dr. Irene Karper
datenschutz cert GmbH