Count Down to GDPR
On Thursday, 14 April 2016, the European Parliament adopted the General Data Protection Regulation (GDPR).
The GDPR comes into effect on 25 May 2018 and companies have until then to become compliant.
SAP system users should be interested in what needs to be done to apply the new EU data privacy laws to their SAP systems, in particular how to handle their SAP data in accordance with the regulations.
The risks of non-compliance with GDPR
Not complying with the GDPR (General Data Protection Regulation) leads to significant fines and compliance risks. The EU created two tiers of maximum fines for companies violating the GDPR. The higher fine threshold is four percent of an undertaking’s worldwide annual turnover or 20 million euros, whichever is higher. The lower threshold fine is two percent of an undertaking’s worldwide annual turnover or 10 million euros, whichever is higher.
What is considered privacy relevant information?
There are many elements of personal information.
Some examples are name, gender, age, date of birth, marital status, citizenship, languages spoken, veteran status, disabled status, IP address (some jurisdictions), business and personal addresses, phone numbers, email addresses, internal identification numbers, credit card and bank account numbers, government-issued identification numbers (social security, driver's license numbers, etc.) and identity verification information.
It is important to remember that business data elements can be considered personal information as well.
“Personal data” is defined as “any information relating to an identified or identifiable natural person”.
The supply of and need for data is greater than ever before. This abundance of information, combined with technological advances, means that data laws necessarily have to become more stringent to protect individuals and promote confidence in how data is being used by businesses. Data regulation compliance is an integral part of this. Data management underpins Proceed’s approach to ensuring your SAP data is GDPR compliant, using SAP ILM and other SAP best practice tools to regulate your SAP personal data. Get in touch with Proceed to discuss how our experienced SAP data and document management experts can help your organisation navigate the transition to GDPR compliance.
SAP ILM GDPR Tools
The lifecycle of information (put under corporate control) can be managed with SAP Information Lifecycle Management (ILM). SAP ILM is currently the only SAP tool to manage the lifecycle of SAP data in a controlled manner, using records management & retention policies. SAP ILM Data Retention is now part of your SAP ERP licence for GDPR compliance.
Data destruction objects
For the controlled destruction of privacy relevant SAP data and documents, SAP ILM offers so-called data destruction objects. In the SAP module HCM we find in excess of 100 data destruction objects, and the SAP HCM data destruction objects can (in most cases) be used without additional SAP license implications.
Retention policy: manage the lifecycle of your data
Privacy relevant data should be managed in alignment with other legislation based on retention rules. Other (overruling) legislation, e.g. tax regulations, might require the preservation of privacy relevant data, blocking, for example, the destruction of financial data containing privacy relevant data.
With SAP ILM we can harmonize this and apply specific policies for specific types of SAP data.
Data destruction in SAP
Based on the defined retention rules in SAP ILM, it is possible to comply with the GDPR rule to destroy privacy relevant SAP data in a controlled way.
Data logging involves tracking who has requested data within the SAP system, as well as what SAP data has been requested. This can go a long way to preventing data breaches if users know that their activity is being monitored.
Another way to protect SAP data is through hiding or masking data fields by default, giving only authorised users the ability to access unmasked data.
Would you like to learn more? Contact us to organise a half-day workshop to advise on where to begin organising your SAP data to show accountability under the GDPR rules.
Contact us through the link below, and we will be happy to discuss and give guidance on your GDPR strategy for your SAP Data & Documents.