Skip to Content

We want to make sure that you’re aware of upcoming changes on SAP Community that will enhance our data privacy and security systems. In addition, you’ll need to know about what actions to take to ensure you will not miss out on continued engagement and participation in the community.

As data protection and privacy is a top priority for us at SAP, it’s important for you to understand what’s coming – and soon. The big news is that the EU’s General Data Protection Regulation (GDPR) – a new set of rules scheduled to go into effect on May 25, 2018 – will reshape the way SAP and our customers collect, use, and store personal data.

If you’re registered on the site, you currently have a publicly displayed profile. If you take no action by May 25, 2018, your profile will be hidden from public view starting on that date. The result of this setting is that you will be able to read SAP Community content, but you will no longer be able to ask questions, write blogs, or engage in any other way in the SAP Community.

In addition, your name and profile image will no longer appear publicly on any of the content you’ve created previously in the SAP Community, including blog posts, questions, answers, and comments. You can always change this setting from the Account Settings link in your profile dropdown menu.

You must take action before May 25, 2018 to opt into publicly displaying your profile information in order to continue to participate in the Community.

To change your privacy settings and allow your profile to be publicly displayed, please click your profile picture in the header and go to the Account Settings from the dropdown menu. Then scroll down to a new category called Privacy Settings. Enable your public profile display by clicking the Edit Privacy Settings link, then selecting the green “Allow” button.

Once you have completed the steps above, the setting will read “I allow my profile to be displayed publicly.” This setting allows us to continue to display the same profile information that is already publicly available today.

If you have any linked accounts, those accounts will use the same privacy setting (all linked accounts will either be public or private, depending on your selection).

Important note: if you choose to hide your profile, this setting will take effect on May 25, 2018.

To learn more about how this all works see the infographic below.

To report this post you need to login first.

76 Comments

You must be Logged on to comment or reply to a post.

  1. Volker Barth

    So apparently I do have to allow to publicly displaying my profile information in order to continue to participate in the Community.

    As that “Allow” button seems to be an “All or nothing” operation – I’m missing information exactly what information of my profile will be displayed publically and what not. How can I influence that?

    Or to put it differently: When I do allow the public display, will the same profile information be shown after May 24th 2018 as is done currently?

    (4) 
    1. Martin Hinderer

      This was a tie on the comment posting (exact time *g*). Seems you where some seconds earlier still as you comment is above mine, but we have the same questions…

      (0) 
  2. Martin Hinderer

    Shouldn’t there be some kind of explanation about what exactly of the profile is displayed publicly (only the name, or the Reputation, or everything)? And it there is a difference between if someone is viewing it that is a registered member and someone that is an anonymous guest?

    Or this already listed somewhere and I just cannot find it?

    (3) 
    1. Catherine LaCroix Post author

       

      Hi all,

      What will be publicly displayed is what’s showing now. The only difference is that on May 25 we’ll need your permission to display to share this same content publicly.

      Does that help?

      Catherine

      (0) 
      1. Volker Barth

        Hm, that’s kind of a “Find out yourself” answer, even if it is technically correct… Could you tell us how we can influence what parts of our profile are public vs. private (say, company name, location, …)?

        (As this seems to be independent of the GDPR change, I guess there could/should already be a blog on that topic somewhere.)

        (0) 
          1. Volker Barth

            Ah, thanks Jürgen, so that affects those information only (company name, city, location).

            —-

            That being said, I still think an official statement would be worthwhile…

            (0) 
          1. Volker Barth

            Being no lawyer, doesn’t that basically focus on the question whether personal attributes are relevant/necessary for postings in the community? If they are not, then I guess SAP is obliged to erase them (or to remove them from the “mere” contents by “guestification”) unless a personal permission is granted by opting-in.

            However, as Eng Swee has pointed out, often the personal attribution is seen here as very relevant to find (and probably to evaluate) contents, and therefore I could also imagine that it would be fitting to leave that contents with personal attribution until someone explicitly requests to remove that connection.

            (0) 
          2. Martin Hinderer

            If I understand it right this article 17 implies an active part of the “data subject”. So it would be the user telling “please delete that”. SAP currenty does the other thing (“please leave my account active”).

            Nevertheless I expect SAP representatives (like Catherine LaCroix ) to give us more details on that. Isn’t it weird that on the one hand it is stated that the community should be more user friendly/user oriented and on the other side there is not a single explanation provided so far on “why have we constructed this like an opt-in”?

            (2) 
            1. Jürgen L

              In my opinion is the BDSG Bundesdatenschutzgesetz already regulating this a long time. For many years already we must not publish birthday lists even within the company as this is only allowed with consent of the person. It further regulates the unauthorized disclosure of personal data to third parties.

              Here we have personal data in our user profile and third parties can look into it without that I gave my consent to that.

              The GDPR is even extending the definition of personal data, which now includes all kind of data that can be used to link to a certain person.

              Where ever the law is not precise it will be clarified at the court. But would you really risk that as a major software development company with headquarter in the EU.

              To be on the save site you ask first for permission before you show the personal data instead of getting accused for showing personal data without consent after the May 25.

              (3) 
              1. Volker Barth

                I certainly agree on the birthday list issue, and I consider privacy a very important value.

                However, in this community, if I do post anything, I should be aware that this by definition is a public website, and that my user name and profile are published with my postings. IIRC the account creation process tells me that. And I guess that has been the case for the last years, too.

                That is why I still question whether the guestification is really necessary, simply as it reduces the value of the contents.

                (Of course it is understandable that a company is cautious in ths respect.)

                (1) 
                1. Martin Hinderer

                  What bothers me the most is that we still do not get an answer/explanation from SAP side. All we are doing here is making assumptions of why SAP is solving the GDPR issue in this way.

                  To me it seems that there is still the mindset of an one directional communication: this is what you will have to accept: do it or you cannot use community. I doubt that this is the correct way speaking to voluntary users of this community.

                  (1) 
                  1. Jamie Cantrell

                    Hi Martin,

                    It seems that you are looking for a more detailed legal conversation and, as none of us are lawyers, I’d recommend reviewing SAP’s privacy policy and reaching out to the relevant groups listed throughout that document: https://www.sap.com/about/legal/privacy.html

                    Best Regards,

                    Jamie

                    (1) 
                    1. Martin Hinderer

                      Well, no, I just wanted to point out that it would be nice to get some more Information than “it is because of GDPR, take the action or leave”.

                      Some people might also call it transparency, and it should be done proactively from SAP side.

                      (0) 
                      1. Jamie Cantrell

                        What I’m saying is that I am not qualified to do more than tell you that SAP is committed to compliance with all the relevant laws and the Community team is working to giving our users the best possible experience in the context of that compliance effort. We are making changes to give users better control of what of their data is exposed publicly — in this case, the data will be no different than what is publicly available today. Because the Community is fundamentally built on individuals interacting with each other, we do not allow anonymous users to participate (you can still consume content in the Community, but you cannot take action with a hidden profile). I don’t think you would want anonymous users up/down voting your questions or leaving anonymous comments on your content. This is not a change from our usual operation (we don’t allow users to take action on the Community without registering). I’m honestly not sure what additional information you are looking for but I’m always happy to help where I can.

                        (2) 
      2. Waldemar Falinski

        Dear Catherine,

        thank you for nice article but apparently there is still some stuff missing to assume SCN is GDRP compliant in the best possible exntent.

        We ask here – at least I am but I believe all the colleagues as well with this intention – just to help. I tell everybody around that all SAP products are GDPR ready but it seems that SAP social networks are still under construction in this matter…

        I guess SNP is only a processor (and we are a kind of controllers) so the obligations are limited but still exist like named in article 28 and distributed in all the body of GDPR. It would be for example nice to have GDPR tab with explanation, positioning and advice to us. Or maybe it is but I was not lucky in my search?

        With best regards,

        Waldemar

         

        (0) 
          1. Waldemar Falinski

            Dear Jerry,

            thank you but I know what GDPR and general policy of SAP about it – it is a kind of my specialization.M My question was about SCN compliance in particular.

            I can see some colleagues asking for quite obvious things required by GDPR that seems to be still missing here – we are friends of SCN and willing to help with these questions. For example according to GDPR consent must be informed.

            By the way let me share a kind of reflection as for example LinkedIn names is “contract” as the membership in such the social media is on our request…

            So all in all our questions were focused on SCN compliance with GDPR and not general SAP policy in this area.

            Wish all the best for all SCN members!

            Cheers,

            Waldemar

            (0) 
  3. Joachim Rees

    Hey Catherine,

    can you please explain how exactly you “collect, use, and store personal data.”?

    Also, how can I get an complete overview on what data you collect, use, and store about me?!

    Thanks
    Joachim

    (2) 
    1. Audrey Stevenson

      Hi Joachim,

      Instead of me trying to explain in detail here (since I’m not a lawyer), the best thing I can suggest that you or any other members with similar questions can do to understand what personal data SAP collects, uses, and stores, is to take a look through our privacy statement. The statement exhaustively explains how SAP collects and processes your personal data, and how you can obtain an overview.

       

       

      (0) 
      1. Waldemar Falinski

        Hi Audrey,

        this privacy statement is something but having everything mixed up (all the systems, purposes) may create more questions than clarity. Definitely a kind of service map would help. The systems are (may) be connected but while we are talking here in a kind of circle of friends imagine how can somebody who read it considering SNP:

        “Kindly note that if you do not provide any such information about disabilities or special dietary requirements, SAP will not be able to take any respective precautions.”

        What is right for training hub and I am sure not public.

        I know that is created by lawyers who always want to create a kind of shield by using a lot of complicated words in a huge block of text but with GDPR this strategy is weak. Here is a commons sense and understanding much better and would be great if SAP would be a leader in GDPR matters here!

        Hope this helps!

        Cheers,

        (1) 
  4. Eng Swee Yeoh

    Hi Catherine

     

    Regarding content that will be “Guestified”, will the content be delinked from the author’s profile? My concern is that there are many contributors who are no longer active, or do not have access to their older profiles to make that change. However, there are a lot of valuable content linked to these contributors. If the content are delinked, it will become very difficult to find such content in the future. It is already difficult to search for information in this platform, and if such linkage is removed, we may lose even more valuable content.

     

    I for one might never remember the exact details or title of a blog, but I can kinda recall it was written by author XYZ, so I search through the author’s content. One example is https://people.sap.com/william.li. As you can see, the author is no longer active, but his past contributions are still very popular and are referred to constantly.

     

    Regards

    Eng Swee

    (5) 
    1. Jamie Cantrell

      Hi Eng Swee,

      Yes, the content will be delinked from the creator’s profile if the creator does not agree to allow us to continue to display their public profile. This is why it’s so important that we all work together to get the word out and encourage our friends to change their settings too.

      Best,

      Jamie

      (0) 
      1. Eng Swee Yeoh

        Hi Jamie

         

        Thanks for the response. Unfortunately, not everyone will be able to do so even if they might want to. The example I provided above, the author probably might have left SAP and no longer have access to the account.

         

        This is a big concern as this will cause all such contents to be “lost” in the platform. Searching for such content would be like finding a needle in the haystack. With so many issues plaguing the community, that is still waiting to be resolved, we really don’t need another one like this.

         

        Eng Swee

        (6) 
        1. Jamie Cantrell

          I have no disagreement that the experience will be affected. Unfortunately, the best we can do is try to get as many people as possible to attend to the issue.

          Best,

          Jamie

          (0) 
  5. Stephen Johannes

    So I assume the goal of shutting down the community via a website redesign wasn’t working and you went the indirect route of using GDPR.   It’s totally frickin amazing so I guess you have job one done.

    (6) 
    1. Volker Barth

      It’s even more “totally frickin amazing” than unless you do opt-in to publish your profile, we will no longer be able to find out who has drawn such sharp conclusions…:)

      (3) 
  6. Volker Barth

    I agree with Eng Swee that the “guestification” of inactive members or lost former accounts will be a big concern to find valuable contents.

    (Being no laywer, I would still question whether the GDPR really forces SAP to “anonymize” previous content – in my understanding, every person who has published contents here has been aware (and has accepted the terms) that contents is linked to the publishing person…

    Some more questions to the effects:

    1. Will that apply to the “Followers”/”Following” lists, as well, i.e. will they be reduced to lists of primarily “Former Members”? (Not that I personally have used those lists much, but it’s sometimes helpful to know about relationships…)

    2. To cite: “In addition, your name and profile image will no longer appear publicly on any of the content you’ve created previously in the SAP Community, including blog posts, questions, answers, and comments. You can always change this setting from the Account Settings link in your profile dropdown menu.”

    What exactly does that mean? What will happen if I do not opt until May 25, 2018 – will my previous content be guestified at May 25, 2018 and fully be un-guestified when I lateron do opt to publish my profile, or will only new content be un-guestified then?

    (2) 
    1. Volker Barth

      On the other hand, it might have its advantages, say, I can leave my above comment with misplaced format and forget about the annyoing message that I repeatedly get when trying to fix the numbered list:

      Sigh.

      (0) 
    2. Jerry Janda

      Hi, Volker:

      I did some asking around, and in response to your questions, here’s my understanding…

      1. Former members will not appear in other people’s follower/following lists. They will be (reversibly) removed in the case that their profile is hidden.

      2. Yes, all of that author’s content will say Former Member, and he or she won’t be able to create new content, so there should be no new content (until the author changes their Privacy Settings).

      –Jerry

      (2) 
      1. Jamie Cantrell

        And to add on, your old content will be ‘un-guestified’ once you update your Privacy Settings to allow for public profile display, as well.

        (2) 
  7. Volker Barth

    And a further question:

    Does that have any impact on a S-User account that is only used to access the Support Portal to get access to downloads, incidents and the like but is not used within the SAP Community?

     

    (0) 
      1. Catherine LaCroix Post author

         

        To confirm, it won’t have an impact on an S-user account, assuming that user NEVER used it in SAP Community to do anything. But if they, for example, liked a piece of content while logged in with that S-user, or followed a tag or a person, then it will affect that one too.

         

        (1) 
        1. Volker Barth

          Catherine, thanks for the clarification!

          That leads me to the question how I can find out about that… – i.e. might logging in with such an S-User account already leave traces?

          And as you mention “likes” – is there something particular about likes of “Former members”? Will they be removed, as well? (In my understanding, likes are shown “anonymous” by default, therefore I would not have expected any effect on them.)

          (0) 
          1. Jamie Cantrell

            They will not be removed. If you have 10 likes and 3 of those users become anonymized, you will still show 10 likes.

            Re: Your S-User account, you can check into the SAP.com Privacy Policy and reach out to the relevant teams listed there to determine that.

            (0) 
  8. Mark Wagener

    f you have any linked accounts, those accounts will use the same privacy setting (all linked accounts will either be public or private, depending on your selection).

    Does this also apply to linked accounts which are not active anymore? (former employers for example)….

    (0) 
    1. Jerry Janda

      Hi, Mark:

      The Privacy Setting applies to all linked accounts. If you’d like to handle an account separately, you’ll need to unlink it.

      –Jerry

      (3) 
  9. Shailesh Mane

    I do not understand why I have to allow my profile to be displayed publicly to participate in the SAP Community. This means SAP is forcing employees to make our profile public in order for us to do our job. Instead, it would be better for those employees who do not want to share their profile publicly, they can instead make the employees title public and allow them to engage with the community. I think for customers, it is important that who (title/responsibility) from SAP (Product Manager, Development Manager etc) are more important than the name of the person.

     

    (0) 
    1. Catherine LaCroix Post author

       

      Hi Shailesh,

      The SAP Community has always been built around interactions between individuals. Our Rules of Engagement have always stated that users are expected to use their real names and their own photos. This is not a new expectation of Community members, employees or otherwise. In addition, turning on this privacy setting simply allows you to continue showing the profile information you already share today.

       

      Catherine

       

      (4) 
  10. Attila Molnár

    Hi!

     

    How can I delete my profile?

    BTW this private (not visible) by default action is NOT enough for GDPR.

    A consent needed to STORE any information about a person. GDPRI is not only about visibility, but also storage and access.

    (1) 
    1. Jamie Cantrell

      HI Attila,

      As stated in our Terms of Use:

      “You can always correct or update Your Personal Data. Furthermore, You may request information about Your Personal Data stored with SAP, or the correction (in case the relevant Website is not allowing You to correct or update your information), or deletion of Your Personal Data by contacting webmaster@sap.com. Please note that if You request the deletion of your account or Personal Data, You might not be able to further access and use the SAP Websites and your User Content.”

      There is also a lot of information about how SAP handles personal data in our privacy policy.

      Best,

      Jamie

      (0) 
  11. Julia Quintel

     

     

    Hi Catherine,

    I suggest to have group/ team accounts which we can use SAP internally to blog and comment posts.

    So far, I write blogs to inform the outside world about new releases. I appreciate to have this channel but don’t want to share my details – not even my name.

    Being able to blog from a team account, one could stay anonymous.
    Also, in case someone has changed roles and is no longer responsible for a certain topic, it is better to have a team instead of a single person as a reference in case of questions.

    Hope this can be considered.

    Thanks & Regards,

    Julia

    (0) 
  12. JC Freeman

    Hi everyone.

    SAP’s way of approaching GDPR is the most heavy handed and offensive of all that I have seen or had to respond to.

    Whereas most organisations are providing users/participants with granular options to permit/deny various actions or exposures, SAP (as seems to have been said many times in this thread) has taken the view that we must expose everything or else be excluded from the debates.

    Absolutely heinous !

    Some from Germany have explained above how their national privacy laws already protect personal data that is not protected in other states until GDPR takes effect.

    In my opinion, the best view of GDPR seems to attribute to it a desire to provide people/users with a good level of protection against the worst (and mildest) forms of data misuse.  Within its scope is the concept that option boxes (and several of them) should be presented EMPTY for the user to fill in as desired.  SAP is trampling roughshod over this concept with its “take it or leave it” attitude and in so doing is obviously upsetting a great many people – me included.

    I think SAP just don’t “get it” over what GDPR is aiming to achieve.

    I’d be interested to see what others think

     

    Regards

    JC Freeman

    (1) 
    1. Jelena Perfiljeva

      As much as I love to criticize SAP, I’m rather confused by the outrage here… “Option boxes should be presented empty” – well, that’s what is happening here, essentially, isn’t it? SAP is giving us an empty box and we have to check it to continue participating on SCN.

      I’m also not sure what other options could SAP offer in the SCN profile… Could you provide some examples of what you’ve envisioned?

      We already have the opt-in options for specific items in the profile, e.g. company name and location:

      There is a checkbox for every item, as you see. I chose to check them because this information is already in my LinkedIn profile and anyone can find it. However, if someone doesn’t want to share it, they can do so and just be a John Doe from an undisclosed location.

      Having a public profile will allow the SCN member to post questions/answers and blogs. And those items would be attributed to them (with their chosen name and avatar). This seems to make sense to me. If you don’t want others to know who you are then you can’t just go around and post anonymously.

      I’m not sure though why I didn’t receive a similar request from LinkedIn, for example. However, they are a US-based company and they always had an explicit option for public profile, so I guess that might be the reason. On SCN, we’ve always had profiles and the field-specific options (like in the screenshot above) but no explicit “opt-in”, technically.

      It may seem kind of dumb: why would you create a profile if you didn’t want to contribute in the first place? But I guess we’re just caught by the need to apply the law to the existing profiles that had no explicit opt in/out box.

      One thing I would wish for though is to have two visibility options: public and for registered members only. Many other websites have such option. I think this would be helpful on SCN and might encourage more information in the profiles. E.g. I wouldn’t mind the registered members to see who I am but not necessarily every Joe and Jane who came here from Google.

      (3) 
  13. Rob Jones

    European law does not allow severely disabled persons or children to be kept as public profile. A perosn who is registered as legally blind (as defined by EU law) clearly cannot read or make such judgements or by the Courts has no capacity to concent to such terms. It seems that this legislation is narrowly cast with many exceptions and gives little choice by the operator to include or not include people if they are blind. We will see further regulation been introduced in the next few years which will clarify the end game as privately held data must be controlled by the private owner within a defined period. Probably every two years.

    (0) 
    1. Jamie Cantrell

      Hi Volker,

      Yes, those are the relevant Terms of Use. I’d also reference the Privacy Policy in your research.  Combined, they give a pretty clear picture of how SAP handles personal data. For the Community, there isn’t much change in standard operations here, except that you need to flip the privacy settings switch to continue to share what you already share today, come May 25. We’ve always required registration to participate and encouraged people to use their profile to share whatever personal information they deem appropriate for this forum. (See ROEs #1 and #2) This hasn’t changed.

      Cheers,

      Jamie

      (1) 
  14. Jelena Perfiljeva

    Sorry if this has been asked before but I didn’t find this information. If, say, someone doesn’t check the checkbox (especially for the old profiles, some folks have 5 here 🙂 ) and all their content goes to “the artist formerly known…” – will those items (blogs/questions) still be present in the user’s profile for them to view? And if the checkbox is checked later will the relationship be restored? Or is it like “speak now of forever lose your stuff”?

    Thank you.

     

    (0) 
    1. Jamie Cantrell

      Hi Jelena Perfiljeva ,

      Linked accounts will automatically receive the same account privacy settings, but if they are not linked, we don’t have a way to make sure they are turned on. So, if you don’t have them linked they will be anonymized unless you log into each account individually and turn on the public profile view. You can always change the setting while logged in. Your account name, avatar, link to the associated profile, etc. would be restored on your content any time you set it back to public view. You should still be able to view all your content in the private view of your profile, regardless of your privacy setting.

      Best,

      Jamie

      (1) 
      1. Jelena Perfiljeva

        Sorry, I’m still not 100% clear on this.

        Let’s say Jane Doe wrote some blogs. She did not check the checkbox, so her blogs would be displayed as authored by “Former member” or whatever. But when Jane herself opens her profile, will she still see her blogs in the “My Blogs” section? And if she checks the checkbox sometime later will the blogs appear again (to her and public) as authored by her?

        From your comment it seems that the answer is “yes” to both but just to clarify.

        (0) 

Leave a Reply