Case Study: Helsinki University

Addressing GDPR compliance for employee data

Industry: Education | Application: GDPR Assessment


The University of Helsinki, Finland’s largest and oldest academic institution, is an innovative centre of science and thinking. The university, founded in 1640, is considered one of the best institutions in the world, with a heavy emphasis on high quality teaching and internationally renowned research. More than 31,000 students are enrolled at the university, which employs almost 10,000 people.


With more than 40,000 students and employees, Helsinki University handles a massive amount of personal data in its SAP systems. The university’s IT team needed to get a better handle on this data to ensure it was complying with GDPR, the EU’s strict data protection and privacy laws.

The IT team lacked a full understanding of how to address GDPR requirements within SAP systems and sought a partner with specialisation in data management to help them navigate this challenge and mitigate risks. The team needed a holistic view of the project roadmap that would help them understand which data is essential, where it is moving, and where non-essential data could be removed from the system. This led them to seek out Proceed Group’s team of seasoned consultants.

Assessing the need

The IT team engaged Proceed Group to gain a better understanding and overview of the personal data within the university’s SAP systems. The goal was to document these findings to serve as a blueprint for future implementation.

Proceed Group’s experts examined the university’s SAP systems, met with key stakeholders, and conducted an analysis of how the current situation aligned with GDPR regulations. The Proceed Group team documented its findings and shared them with the IT team, to provide clear guidance on what needs to be done.

Creating a blueprint for compliance

Helsinki University’s team now has a good overview of how to meet GDPR compliance within its SAP systems. The team now understands what technical implementation actions need to be taken and what other actions it needs to take within the organisation to become more GDPR compliant.

With the blueprint delivered by Proceed, the Helsinki University IT team can build needed data lifecycle management rules into the SAP system.

They can remove the personal information from SAP systems when the data cannot be stored anymore according to GDPR. The blueprint provides excellent guidance for needed GDPR compliance actions that will satisfy auditors by ensuring only necessary data is kept and accessible.

“Thanks to our work with Proceed Group, we now have better understanding of how to achieve GDPR compliance within our SAP systems. Our university handles massive amounts of personal data and ensuring we’re meeting these regulations is essential. We are now well on our way to improving our GDPR compliance”

Jere Reinikainen, Head of Development, Helsinki University

Beyond the assessment: our GDPR packaged service for employee data

Proceed offers a packaged solution specifically designed to address the GDPR compliance requirements for employee data within SAP systems. The service comprises two parts:

Part 1 involves a consultative and collaborative approach to help customers understand GDPR compliance requirements and develop a blueprint for handling employee data using SAP’s Data Protection functionality from the Information Lifecycle Management product (SAP ILM) and other SAP HCM Data Protection functionality. Proceed also assists in creating a project plan and identifying potential pitfalls.

Part 2 goes beyond the blueprint and project plan and involves building, deploying, and running the necessary solutions for GDPR compliance. Proceed also offers knowledge transfer to the customer, enabling them to maintain and manage the compliance measures effectively.

Contact us to find out more