GDPR background and implications
By now you have heard about the EU General Data Protection Regulation (GDPR), which will go into effect on May 25th, 2018. GDPR applies to SAP and all our customers worldwide with operations in an EU market. Data Protection and Privacy laws are not new. In the EU, the history begins in 1995 with the EU Data Protection Directive (Directive 95/46/EC). European companies have worked to meet data protection regulations for decades; however, GDPR will introduce significant changes. It imposes notable limits on customers’ data management and penalties up to 4% of total sales volume.
At SAP we believe protecting personal privacy is good for business - enabling you to improve data transparency, sustain customer and employee trust, increase stakeholder engagement and protect brand reputation. GDPR compliance is bigger than any IT vendor. No customer can become GDPR compliant with IT solutions alone. GDPR requires a deep focus on what kinds of data our organizations are collecting, why that data is collected, where it is stored, how it will be used, and why the organization is legally allowed to have it. And when something goes wrong, there must be a detailed log to prove that the law was followed.
What SAP is doing to support you
From a technology perspective, if your system landscape already complies with the requirements of European data protection directive EC95/46, the actions necessary for you to adapt to the new GDPR standard should be reasonable in effort and expenditure. You should still check if the simplifications delivered in the latest releases from all of your technology partners help you to reduce Total Cost of Ownership of your Data Protection compliance processes. If you have not fully implemented the legal requirements of the existing data protection legislation, this may impact your ability to be compliant with the new legislation.
There is no single way to approach GDPR compliance. It is important to understand that for most organizations, the process will involve evaluating current policies, practices and processes, in order to determine what changes should be made. Assessing current processes and organizational design is a good place to start. For example, the law requires there be a purpose behind data processing activities – changes to process and design should reflect those purposes. After you adapt your processes and your organizational setup accordingly, you can continue with implementing GDPR compliance features, such as blocking and deletion rules or the authorizations concept.
We recognize that this is no easy endeavor for any of us. SAP offers many solutions and services that support digital transformation, end-to-end data protection, privacy, and governance operations. This includes our market leading Governance, Risk and Compliance solutions, Enterprise Information Management, and Customer preferences & consent management (Gigya) solutions to ensure the required documentation and auditing. For ERP install base customers, migration to SAP S/4HANA or consumption of the latest enhancement pack is a critically important step. For users of other cloud solutions, enhancements will be made to products via routine innovation cycles. Our services experts will help you chart a path to drive the best outcomes for your business.
For More Information
We are hosting a series of webinars and have information and resources available to you on this topic and others. For up-to-date schedules, visit www.sap.com/k4u
For more information, and to get help connecting with more support for your GDPR journey, please reach out to your AE. We are here to assist you with any questions you have.
Marion Schneider, SAP, GOGO
By EM Fahrer, SBN Adfahrer