Fundamentals of SAP HANA and Compliance Under Upcoming GDPR Regulations

The General Data Protection Regulation (GDPR) was developed to protect privacy rights of EU citizens. It was first conceived in 2012, but won’t officially be implemented until May 2018. Despite the attention the new regulations have drawn, many organizations still don’t understand the changes these laws are bringing. It is important to research them and understand the role that SAP will play in meeting compliance goals.

Implications of the New GDPR Regulations

Before you can understand the role SAP plays in addressing the new GDPR regulations, you will need to understand the changes the policies create themselves. Although the first GDPR policies were drafted six years ago, they still have yet to take effect, so many people are left in the dark. Even companies outside the EU must abide by this framework if they process data on EU users, so the data must be properly secured and anonymized.

The GDPR regulations are likely to have a long-term impact on the EU economy. A study from Deloitte discovered that the current version of the bill could cost 66,000 jobs and have other adverse effects on the economy. Fortunately, many of these issues can be resolved over time.

Here is a quick overview of the new policy changes.

Customers Must Provide Consent Before Private Data Can Be Processed

The GDPR builds on laws on the EU cookie storing policies. Articles 17 and 18 of the General Data Protection Regulation require organizations to get consumer consent before they can process data.

Companies Must Employ Stricter Data Protection Protocols

The recent surge of cybersecurity breaches has caused a lot of concerns about customer privacy. Articles 23 and 30 require companies to adapt reasonable safeguards to protect customer data in the event of a security breach.

Companies Must Regularly Audit their Data Privacy Safeguards

The GDPR requires companies to conduct regular audits to assess the effectiveness of their data protection policies. The ICO gives a brief summary of these policies:

“Data protection impact assessments (also known as privacy impact assessments or PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.”

Personally Identifying Information Must Be Anonymized

Anonymization is one of the most important changes under the GDPR. Any data that is personally identifying must be safeguarded with anonymizer tokens.

Role of SAP Solutions in Ensuring GDPR Compliance

Navigating the new GDPR policies is a challenge for many organizations. Developing the right infrastructure can be even more challenging. Fortunately, SAP tools have made it easier for companies to meet these requirements.

Here are some of the ways that brands can use SAP to meet their compliance targets.

Improving Cybersecurity Protocols

Deploying better cybersecurity protocols is the most important measure companies must take to meet GDPR compliance. Using virtual data rooms can be particularly important, especially for companies using personally identifying information on high-profile users.

Outline the Parameters of Your SAP Data

You need to identify the scope of all of your SAP data, especially if you have shifted away from manual protocols. The GDPR specifies which data is included in their guidelines. This data includes:

• Full of partial names
• Emails
• Social Security or other personally identifying numbers
• Financial information
• Medical information, genetics or biometrics

All of these data sets must be identified and anonymized in compliance with the new GRC standards.

Determine Which Systems Must Be Included

The main databases aren’t the only ones that must be protected. You must also identify any backups and legacy systems that may store personally identifying user information. All of this information must be properly encrypted and use anonymizer tokens as necessary.

Choose the Right Anonymizer Tools

Many telecommunications companies and other organizations have failed to properly anonymize their data. The reality is that there are lots of anonymizer tools available, even within SAP. However, some of them don’t adequately protect sensitive user data.

Fortunately, SAP Hana users can benefit from the SAP Data Anonymization. This service is currently available on a trial basis. One of the main benefits of this service is that it offers differential privacy features. Andrea Kristen, an expert for SAP HANA operations topics in general, provides an eloquently written overview of the topic.

“Differential privacy adds random noise to your data, for example to salary amounts in an employee survey. Looking at individual records, you won’t get any meaningful results and thus the privacy of individuals is protected. However, the noise is added in such a statistically clever way that it allows you to still gain valid numerical insights when doing analytics on the whole data set.”

SAP Offers a Multi-tiered Solution to GDPR Compliance

Complying with the new GDPR solutions will be an overwhelming challenge for many organizations in the next few months. Companies will have an easier time if they have already employed SAP Hana. Hana is equipped with various tools that will make it easier to ensure compliance.

Shutterstock / By Profit_Image