SAP and GDPR

03

JULY, 2018

Privacy Policies

Since May 25, 2018 the new EU-General Data Protection Regulation has gone into effect. IT-systems in companies have to offer all necessary functions to mask all personal data – to delete those after different retention periods.In accordance with the EU GDPR all information must be made accessible for the user, if requested.

Hardly any other topic has been lately discussed all over the EU as much as the GDPR ( General Data Protection Regulation). At latest since July 2018 companies must have found solutions for handling the GDPR and made actions, such as appointing a data protection officer.

Data is the new bacon…or oil, or even gold.Whatever you think: Companies are facing enormous tasks to realize the new General Data Protection Regulation. Data is collected and saved in various ways – not only in a system.This is the sticking point – the system landscape’s (and its respective data streams’) unmanageable complexity.

Humans being a data storage and sending device without any rights, will be a thing of the past.

Photograph by Steve Roe via Unsplash

The oftentimes complex architecture of SAP systems, especially within a data warehouse-system such as SAP BW, leads to a difficult challenge in terms of implementation and compliance with the necessary requirements. Consequently, BW’s strategy of documenting metadata drops out of use. Thus, more complex, but also more intelligible documentation is required. Furthermore, data can usually not be deleted from a BW-system, to resolve this issue, a “deleting-strategy” has to be implemented. Alternatively, an anonymisation or pseudonymisation may be an option in this context. Those tasks are by no means rocket science, still they are relatively tedious and time-consuming.

“Will the GDPR change the way of collecting data?”

As always, whenever a new law has come into effect, procedures have to be checked and adapted. Data subject rights, in other words rights of employees, customers, suppliers, business partners, or patients or clients are supposed to be protected more thoroughly.Data may only be collected and processed, if there is a reason or need. In the era of ‘data collecting-anger’ this is a very new approach.

You’d like to stay up to date? Simply sign up to our newsletter!