By May next year, organisations that use the personal data of anyone residing in the EU will have to comply with the General Data Protection Regulation (GDPR). Implementing a data strategy that is compliant with GDPR isn’t the easiest task, which is why businesses need to start as soon as they can. Here is a checklist companies can follow to make sure they’re prepared for GDPR:
1. Alert everyone in your organisation
Your entire organisation needs to be aware of GDPR and the new rules it will bring, as many different teams will be affected. SAP system users need to know which data privacy laws apply to their systems and make other team members aware of all the potential changes.
2. Document the data you hold
When it comes to personal data, it’s important that you document where it came from and who you share it with. By doing this, you’ll comply with GDPR’s accountability principle, as new regulations will require you to show the policies and procedures you have in place.
3. Communicate privacy information
Are your current privacy notices up to scratch? Collecting personal data will change significantly with GDPR: people need to know who you are and what you’re going to do with their data. You will also have to communicate and explain your data retention periods, your legal basis for processing the data, and that people have a right to complain to the ICO if they’re not happy with how you’re handling their data.
4. Make sure your SAP data is protected
Protecting internal data is crucial for GDPR compliance. An effective data management strategy gives you better control of personal data, which will reduce the risk of non-compliance. To ensure your data is protected, follow these four best practices:
4.1. Data logging
Data logging is important for preventing data breaches, whether they’re internal or external. With data logging, you can track who has requested data within the SAP system, as well as what data has been requested. By monitoring these requests, it will be easier to identify any potential security threats.
4.2. Data masking
You can also protect your data by hiding or masking the data fields. This way only authorised personnel can access it, which increases security and instils awareness of data compliance.
4.3. Information lifecycle management (ILM): Data deletion
With less data, there’s less of a security risk. Keeping obsolete data in your SAP system will just complicate things and put pressure on IT staff, so make sure you delete it.
4.4. ILM: Data blocking
Not all obsolete data can simply be deleted, especially if it’s still within its retention period. If the data isn’t required for business operations but you still need to keep a record of it, you could block it. Blocked data can’t be edited or used for any business purpose, and only authorised staff members can access it. This means that data will be protected and your data management strategy will be more effective.
With a solid data management strategy, you’ll be one step closer to complying with GDPR. If you want to know more about how an SAP data strategy can get you ready for GDPR compliance, attend one of our GDPR Getting Ready & Staying Ahead events.