GDPR – European General Data Protection Regulation
GDPR – European General Data Protection Regulation comes into effect on May 25, 2018.
For those of you who don’t have the background – GDPR is the fundamental modernization of European data protection legislation, taking into consideration the evolution of digital data over the last decades. It aims to harmonize data protection legislation across the European Economic Area (EEA). For US audiences, the question that often comes to mind is why there is so much concern about data protection and privacy. Keep in mind that data protection is a fundamental right in the European Union (Article 8(1) of the EU Charter of Fundamental Rights), similar to freedom of speech in the US.
Now that we have the background on GDPR, let’s talk about what data it applies to. GDPR is applicable to Personal Data and to special categories of Personal Data called “Sensitive Personal Data”. There are varying interpretations out there, but at a very high level – any information relating to an individual (data subject) is Personal Data. Special categories of Personal Data (or Sensitive Personal Data as we call them in SAP SuccessFactors) are called out in Article 9(1) of GDPR as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, etc.
Let’s also talk about the roles and responsibilities of different parties. GDPR articles talk about three parties – Data Subjects, Controllers and Processors.
- Data Subject is the end user, whose data is being processed
- Controller is the organization that owns the data subjects’ data
- Processor is the organization (cloud provider) that is processing the data on behalf of the controller.
The onus of proving GDPR compliance lies on both Controllers and Processors (Article 28(10), Article 5(2), etc.).
Join me at session 51085 SAP SuccessFactors General Data Protection Regulation (GDPR) Readiness at SuccessConnect Las Vegas to learn more. See you soon!
@Sandeep - Is there any purge functionality going to be ordered by SF? Standard reports to identify with prompts on who needs to be purged, etc. And also this should not affect downstream reports - headcount and reporting relationships.
Ehab - SuccessFactors is enhancing our Purge Capabilities to enable our customers to meet the data subject's "Right to be forgotten" requirements, as well as enabling a customer to keep the data in SuccessFactors as long as it is needed for "business purposes".
There are various ways in which SAP software can support you with GDPR, and this does not only cover your SF/HR solutions but also other cloud applications like C4C or SAP Business ByDesign. Here is a blog on what ByDesign offers for GDPR: