The deadline for enforcement of the General Data Protection Regulation (GDPR) is only a matter of months away, and the severe financial penalties for noncompliance have been well publicized. Yet the new regulation also represents a wider opportunity to transform the way you handle data and manage risk and compliance so that your organization is in better shape to compete in the digital economy. On the following pages, discover some of the ways that SAP and our partners can help you accelerate your digital transformation journey and address GDPR requirements along the way.

DEFINING DATA PRIVACY FOR THE DIGITAL AGE
Today’s digital world is driven by data. All our actions, transactions and interactions – whether via social media, smart devices or connected machines – leave a trail of potentially exploitable personal information about our tastes, preferences, and likely future behavior. This data explosion has raised new concerns about data privacy and security, and updated legislation was required to protect individuals from misuse of their data in this modern digital age.

In response, the General Data Protection Regulation will be enforced from May 25, 2018, and has been described as one of the most far-reaching pieces of regulation ever. Although the GDPR was specifically designed to protect the data and fundamental privacy of all EU citizens, its reach is global. It affects every company around the world that stores or processes personal data about EU citizens – irrespective of where the data processing is done. The detailed requirements of the GDPR are well documented elsewhere, but in essence, the regulation has increased focus on two key areas: individual rights and accountability.

WHAT DOES THIS MEAN FOR YOUR BUSINESS?
The GDPR will potentially affect every commercial and public sector organization that processes EU citizen data. At one end of the scale, this could be simply how you handle your internal employee data; at the other end, it could have dramatic and far-reaching effects on how you process and store large volumes of customer data across multiple markets.

Either way, your organization needs to be ready to show compliance in two key areas by the enforcement date and beyond. The first is the ability to deal effectively with individuals’ rights such as data rectification and erasure. The second is the new principle of accountability: demonstrating how compliance is achieved on an ongoing basis through documentary evidence.

GDPR CHALLENGES AND OPPORTUNITIES
This means that the GDPR will have implications across the business and is not only an IT issue. In larger or more complex organizations, it could affect everything from finance, HR, risk and compliance management, and security, to sales, marketing, and customer service. At SAP, we believe this is an opportunity to look at the bigger picture and view regulatory compliance within the wider context of digital transformation and the future direction of your business.

Today’s organizations need to be fit for digital business, today and tomorrow. The requirements of the GDPR can therefore serve as a useful accelerator to harnessing the full value of your data by channelling resources into the right areas. Instead of thinking of the GDPR as an unavoidable cost, consider it as a valuable investment in your digital future.
€20 million
Potential penalty for noncompliance,
or 4% of annual global revenue,
whichever is greater
The successful digital business relies on information excellence. It follows that the more effectively you manage data across the organization, the more straightforward it will be to address your GDPR requirements. SAP offers a range of integrated enterprise information management (EIM) and data management solutions to help you understand, integrate, cleanse, manage, associate, and archive your data (see Figure 1). These solutions help you accelerate and scale your efforts to address GDPR requirements, and provide a strong foundation to address digital business needs such as workforce engagement, supplier collaboration, and improving customer experiences.

and when processing takes place, you can truly understand:
• What business processes are using personal data
• If those processes include third-party entities
• What applications support those processes
• If there are undocumented variant subprocesses

ENHANCE DATA QUALITY
Addressing GDPR requirements for rights to data access, rectification, portability, and erasure is much harder if there are no standards for formats and definitions used across the systems acquiring, processing, and storing personal data. SAP Data Services software provides best-in-class functionality for data integration, quality, and cleansing that helps you:
• Standardize formats to ensure consistency across systems
• Cleanse personal data to ensure accuracy
• Match and consolidate multiple records to simplify data management
• Implement checks during data entry to ensure quality and consistency over time

46%

• How personal data is being categorized and tagged
• If personal data is accurate and consistent across sources
Figure 1: Solutions for Information Excellence and Compliance from SAP Throughout the Personal Data Lifecycle
• Business systems
• SAP Information Lifecycle Management component: Retention, blocking, and deletion of sensitive data for ABAP®-based SAP systems.
• Database and data management solutions
• SAP Data Services and SAP Information Steward software: Tagging, profiling, and accuracy of personal data across landscapes.
The GDPR isn’t just about data management. Nearly half of the articles in the regulation are related to business procedures associated with policies, controls, record keeping, and the accountabilities of different roles and entities. To avoid costly penalties, governance of policies, processes, and people must be clearly defined and documented.

Just as the successful digital business relies on information excellence, it also relies on governance excellence. This requires a robust, consistent, and holistic approach across the enterprise. Based on the “three lines of defense” model, SAP offers a range of governance, risk, and compliance (GRC) solutions that allow different parts of the organization to work together cohesively within an integrated framework. The solutions enable the organization to automate its risk, compliance, and audit management processes and to monitor the enforcement of policies and effectiveness of controls. This can greatly assist in addressing GDPR requirements as part of day-to-day business operations moving forward.

STREAMLINE ACCESS CONTROL
To meet GDPR compliance, you need to know who has access to your data. The SAP Access Control application automates the process of managing and validating user access to applications and data – all with minimal support from IT.
• Automatically detect and remediate access-risk violations across SAP and non-SAP systems
• Embed compliance checks and mandatory risk mitigation into business processes
• Automate reviews of user access, role authorizations, risk violations, and control assignments
• Create a comprehensive audit trail of user and role-based access control activities

ENHANCE CONTROL MONITORING
The GDPR also requires companies to continually monitor compliance and quickly respond to issues. The SAP Process Control application automates the monitoring of controls and policies and provides best-practice workflows for the notification of exceptions. This allows you to identify, prioritize, and remediate any regulatory issues – including GDPR and many other requirements – quickly and effectively.
• Document policies and controls centrally and map them to all relevant requirements of the regulation
• Evaluate control design and operating effectiveness, and raise, track, and remediate issues
• Perform automated, exception-based monitoring across heterogeneous application landscapes
• Improve accountability and decision-making with workflow sign-off and analytics

KEEP PERSONAL DATA SECURE
Secure data storage is a key GDPR requirement. Cyberattacks can come both from inside and outside the organization, and to react quickly and effectively, you need actionable information in real time. The SAP Enterprise Threat Detection application provides real-time security monitoring to help you protect the integrity of your critical business processes and prevent theft or manipulation of business data.
• Gather events from the landscape
• Evaluate attack-detection patterns
• React on critical alerts
• Gain an overview of the threat situation
50%
Decrease in audit cycle time
with automated and continuous
management of controls
SAP Performance Benchmarking