The new EU data protection regulation has entered into force! It entails compliance efforts for every organization worldwide that handles personal data of individuals residing in the EU. Massive revenue-based sanctions will be imposed on companies that do not fully adhere to GDPR.
Data in SAP systems becomes personal data as soon as it is possible to identify the person behind the data. In this context the regulation brings a set of new requirements and data subject rights:
- Pseudonymization: GDPR refers to pseudonymization as a process that transforms personal data in such a way that the resulting data cannot be attributed to a specific data subject without the use of additional information, e.g. encryption.
- Breach notification: In the event of a data breach, data processors have to notify their supervisory authority and customers of any risk within 72 hours.
- Right to access: Data subjects have the right to obtain confirmation from the data controller of whether their personal data are being processed.
- Right to be forgotten: When data is no longer relevant to its original purpose, data subjects can have the data controller erase their personal data and cease its dissemination.
- Data portability: Allows individuals to obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
- Privacy by design: Calls for inclusion of data protection from the onset of designing systems, implementing appropriate technical and infrastructural measures.
How can SAP solutions help?
These requirements have an impact on almost all divisions within an organization. Organizations failing to keep personal data secure face substantial financial penalties. To ensure that this does not happen to your organization, SAP provides numerous solutions, like SAP Information Lifecycle Management and SAP Enterprise Threat Detection to identify, analyze, and neutralize real cyberattacks, or SAP Information Steward for data profiling and metadata management, as well as SAP Master Data Governance, when it comes to providing high-quality, non-duplicate master data.
GDPR requires special attention to the lifecycle of data, in which the blocking and deletion of data play an important role. With SAP Information Lifecycle Management (ILM), SAP offers a wide range of capabilities to manage the lifecycle of information, including archiving, retention, blocking and deletion of personal data, as required by GDPR.
Camelot can help you close the GDPR compliance gap and fulfill the requirements and obligations by providing you with comprehensive solutions, services and expertise.