SAP does not provide legal advice. The following information is only about technical features which might help a customer to become compliant with data protection regulations.
What is GDPR?
The General Data Protection Regulation (GDPR) was introduced mainly to simplify and standardize data protection within the European Union. Its main objective is to unify and improve EU citizens’ data protection. The GDPR very significantly increases the obligations and responsibilities for how personal data is collected, used and protected. Responding to the GDPR requirements means organizations must treat personal data in accordance with the regulation and, where applicable, with the appropriate consent from individuals throughout the life of that data, from acquisition to processing and retention, all the way through archiving and deletion.
No single product can address all the requirements of GDPR, and this is not simply an IT issue. This is an opportunity to think holistically about “digital transformation” – to set up the kind of future-friendly business processes that incorporate sound Data Protection and Privacy practices AND accommodate new business models.
- Requires the time and expertise to identify what you have, what you don’t and what you need to do.
- Need to adapt policies, processes, and systems to address specific requirements around privacy by design, consent, storage, access, usage, retention and deletion.
- Must accurately assess and plan for sustaining ongoing compliance with GDPR.
- Cannot disrupt day-to-day business, especially revenue-generating activities.
- Reduce risks and address compliance, while building the foundation to cost-effectively address future regulations and requirements.
- Increase accountability and clarity of roles within your organization by improving the depth and breadth of policies and procedures.
- Protect your brand and increase trust with customers, employees, and business partners by demonstrating your commitment to protecting their data and privacy.
- Establish data best practices to build better engagements with your customers and prospects.
GDPR Technical Check Service as the Starting Point
The “GDPR Technical Check” service gives the customer a 360-degree overview of the requirements of the General Data Protection Regulation (GDPR) and an idea of their current situation concerning EU-GDPR. In addition, this service proposes practical steps for achieving GDPR compliance, with a customer-specific roadmap as an outcome.
A GDPR questionnaire powered by SAP Cloud Platform is provided to determine the state-of-practice use of data-privacy aspects in the customer's current SAP landscape. Proper consent and disclosures are maintained during our customer questionnaire process. The online questionnaire is diligently categorized into various sections based on the GDPR requirements. It is necessary to implement “SAP Note 2611875 – ABAP Program for GDPR Technical” to analyze the customer system; its spot checks are the technical counterpart to the GDPR requirements covered by the questionnaire.
The questionnaire asks questions from the categories below, which are specific to GDPR requirements. It comes with predefined questions and answers from which the customer can choose, and comments can be added to the predefined answers. The following categories are part of the questionnaire:
- Information to be provided
- Information Access
- Erasure: Blocking and Deletion
- Physical Access Control / Access Control
- Restriction of Processing
- Change and Disclosure control
- Job Control
- Availability control
- Data Separation
- General Questions
Technical System Analysis:
- Technical parameters
- Organizational structures
- Access Control (authorizations)
- Authentication (Passwords / SSO)
- Change and Disclosure control
- Restriction of Processing (RFC interfaces, OData services, ICM services)
- Data stocks of typical personal data such as employee data, vendor data, business partner data, etc. (no data is downloaded, only the absolute numbers are determined!)
The customer-specific information from the GDPR questionnaire and the technical system analysis is consolidated by experienced GDPR evangelists. As a result, a customer-specific GDPR roadmap is created based on the Procedure Model (step-by-step implementation approach). To provide the best possible support on the journey to GDPR compliance, SAP Services and SAP software are considered in the customer results presentation.
Key SAP Contacts:
- Andreas Oesterle (Global)
- Kiran Kola (North America Region)