Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prepare for the new EU General Data Protection Regulation and co-innovate with SAP GRC

AndersonOliveir
Advisor
Advisor
‎07-29-2016 1:05 PM
0 Kudos







The final text of the General EU Data Protection Reform has been published. It brings a number of compliance obligations, improving the privacy rights of the individuals. For instance, the right to object and the right for data portability. It also requires data breaches to be notified within 72 hours. A comprehensive guide is available here.  The reform imposes organizations to perform Data Protection Impact Assessments (DPIAs) as part of their overall risk management practices:




“In order to enhance compliance with this Regulation in cases where the processing operations are likely to result in a high risk for the rights and freedoms of individuals, the controller should be responsible for the carrying out of a data protection impact assessment to evaluate, in particular, the origin, nature, particularity and severity of this risk. The outcome of the assessment should be taken into account when determining the appropriate measures to be taken in order to demonstrate that the processing of personal data is in compliance with this Regulation. Where a data protection impact assessment indicates that processing operations involve a high risk which the controller cannot mitigate by appropriate measures in terms of available technology and costs of implementation, a consultation of the supervisory authority should take place prior to the processing.”



As an example, consider evaluating data retention risks. Maintaining data for a period longer than necessary and failing to apply the data minimization principle can have serious consequences to the individuals in the case of a data breach. Organizations can identify risks with the help surveys, as discussed in this panel for instance. The graphic below shows a simplified overview of the necessary steps for conducting DPIAs:






This is only one of the aspects of the new regulation. The new rules will become applicable on May 25, 2018. Fines for non-compliance are up to 4% of annual global turnover.





The GRC Product Management team and Product Security Research are running a Customer Engagement Initiative, which consists on a co-innovation project to help our customers to a.... There is still room for participation. The candidates do not necessarily need to be currently a GRC customer. Contact anderson.santanadeoliveira for more information.



4 Comments
former_member238620
Explorer
‎03-10-2017 10:10 AM
0 Kudos
Hi Anderson,

Great blog.

We had a partner workshop few days back with SAP regarding GDPR and the discussion was all about SAP ILM and there was no mention of SAP GRC.

How different are these tools with respect to GDPR. What is the best approach?

Regards

Praveen
AndersonOliveir
Advisor
Advisor
‎03-10-2017 11:07 AM
0 Kudos
ILM is a key component for defining the organisational data retention rules - it is an essential enabler for the EU GDPR, since the data controllers can manage what personal data must be kept in an SAP systems, and what needs to be discarded in order to comply with multiple regulations. GRC in the other hand, allows to oversee the company's privacy management  program using multiple features of the suite, such as access controls, process controls and risk management. For instance, in implementing data protection impact assessments, as I explained in this blog: https://blogs.sap.com/2017/03/02/implementing-data-protection-impact-assessments-with-sap-grc-risk-management/

 

Thanks for the question, I hope it helps, contact me if you want to know more.
JanMatthes
Advisor
Advisor
‎09-11-2017 9:06 AM
Hi Praveen,

as explained by Anderson there are various ways how SAP software can support you with GDPR. This could mean ILM for your on-premise landscape, GRC to manage and overview but also tools within your cloud applications like C4C or SAP Business ByDesign. Here is a blog what ByDesign offers for GDPR:

https://blogs.sap.com/2017/09/05/what-is-gdpr-eu-dsgvo-and-how-does-sap-business-bydesign-manage-dat...

Cheers

Jan

 
former_member238620
Explorer
‎10-30-2017 1:41 PM
Thanks Jan. Good to see that there are already inbuilt tools to comply with GDPR in Business bydesign.
Popular Blog Posts