Many organizations are concerned about how the European data privacy regulation known as GDPR or EU-DSGVO might impact their day-to-day business especially if they are using cloud business software.
See the video below to get in two minutes an idea on what GDPR is and what you need to consider for your business latest until May 25th 2018 (more links can be found below):
The powerful capabilities which SAP Business ByDesign provides already since a couple of releases will help you to execute the GDPR related data privacy policies your organization might setup. With ByDesign your data privacy officers will be enabled to:
- Ensure that user authorization allows access to data only to users which need the data for business processes
- Configure minimal retention periods for key business documents in order to block deletion if they are still needed e.g. for accounting.
- Access and analyze change logs for data especially for accounts, contacts and employees.
- Most important: Centrally work on data privacy requests with a dedicated data privacy work center which provides an overview on the data stored about natural persons (e.g. employee, private account) and the deletion of personal data across business scenarios and documents.
The demo video below gives you an impression on how this works in our 1708 release:
As you have seen in the demo the data privacy expert can use the data privacy work center to easily find employees, service agents (i.e. external employees) or private accounts (1) and to trigger the deletion (3). Additionally he can generate a synopsis for master and transactional data which is stored for a natural person in the system (2) as you can see in the screenshots below.
Furthermore you can define in the business configuration the data retention periods for multiple business areas and countries which control that data cannot be deleted within the minimal retention period.
Administrators, sales and marketing employees can according to their authorization access change logs:
- See changes per date and user
- See changed attribute with old / new value and modification type
- Export changes
Finally ByDesign does not only control what happens inside the system but also how data is being consumed in external applications with the standard web-services and interfaces.
- Communication scenarios and arrangements allow to control external access (via the Application and User Management work center).
- Valid certificates are required to allow access ByDesign Web services.
- Communication Monitoring for e.g. failed web service calls. Customers still need to assess which integration scenarios are exposed to whom.
- Full video and demo on SAP Business ByDesign GDPR and data privacy
- GDPR: Company stakeholders and obligations
- CFO Webinar on GDPR
- SAP Data Protection & Privacy overview
- SAP Compliance & Certificates
- GDPR regulation with links to all details in multiple languages
- EU Commission on protection of personal data