The European Commissions’ regulation for data protection rules have been updated in the General Data Protection Regulation (GDPR) with legislation coming into force on May 25, 2018 to all EU countries.
GDPR represents the biggest shake up of data protection law in over 20 years. It will have a massive effect on many organizations and will introduce greater regulation, control and governance over personal data.
The new data protection rules will create a harmonized framework and present a multitude of new compliance obligations around new consent rules, enhanced privacy rights of individuals, demands for privacy impact assessments to understand risk, and ‘privacy by design’ for all business operations and processes. New obligations for data transparency will also be introduced for confidentiality breaches and new rights against the use of personal data with the right to be forgotten and data portability. As a result, we face far stricter rules for capturing, storing, processing and managing data.
Preparation to comply with GDPR needs to start now. Consequences of mishandling personal data will potentially lead to non-complying organizations facing fines of up to 4 percent of their global annual turnover or €20 million, whichever is higher.
Even though this regulation becomes effective in May 2018, requirements and practices to protect sensitive data are already defined, and they bring big challenges – making it even more crucial for organizations to get their SAP landscape in order now.
A great deal has been discussed about the implications of not addressing GDPR through sizeable fines and reputational damage which has led to a ‘feeding frenzy’ around GDPR. As we at itelligence started this journey it got me thinking about the benefits that good data governance relating to personal information could bring an organization.
86% of SAP users don’t fully understand the implications of GDPR in relation to their current SAP landscape and future use of SAP.
All SAP systems such as SAP ERP, Business Intelligence (BI), CRM, HCM and other SAP applications need to be included in your GDPR preparation project. In order to comply, you will need a focused approach to managing, owning and processing data.
There is a lot of complexity and confusion about GDPR. As a trusted SAP advisor and full-service provider of SAP applications and analytics solutions, itelligence can provide clarity of thought and straightforward actions on what you should consider when embarking on your data compliance journey.
GDPR is important, with huge implications. In the context of a wider data management and information lifecycle management strategy, we can highlight the practical steps you can take now to minimize the risk in your SAP systems. No single solution can address all of GDPR’s requirements but there are specialized SAP solutions that can present a comprehensive platform to managing risk within SAP and non-SAP systems.
itelligence has a number of pre-packaged risk management solutions and accelerators, developed from our global knowledge pool and supported by strong partnerships with leading GRC providers. Complemented by our data lifecycle methodology (Map, Monitor and Manage) we can help you to mitigate risk as you embark on your GDPR journey.
You need to be able to provide evidence that you are able to manage personal data throughout its entire lifecycle. A key requirement of GDPR is the ‘right to be forgotten’ and data portability involving the identification, blocking, deletion and archival of sensitive data.
SAP Information Lifecycle Management (SAP ILM) is the only solution for managing this process and presents the only way possible to delete data in SAP applications.
SAP ILM will not only solve some of your GDPR challenges, but the solution is a perfect data archiving tool for SAP ERP. SAP customers can securely move data to longer term, less expensive storage but maintain access to archived data in a compliant manner.
GDPR goes further and deeper in detailing the scope of personal data and individual rights with implications for analytical roles within organizations.
As we move into advanced analytics, big data, artificial intelligence (AI) and machine learning, organizations need to ensure the correct level of consent from the individual has been given to allow the analysis of data. From single source, multi-source and enterprise data warehouse BI architectures, you need to consider the implications of GDPR risk and Privacy by Design (ensuring you can evidence how privacy has been built into processes).
The cornerstone of GDPR relies upon good enterprise data and metadata management, of which personal data is just one subject domain. Tightening existing data management activities to support GDPR and data protection compliance enables trust to be built with both businesses and consumers alike, leading to improved customer retention and supporting service innovation. At itelligence we have developed methods to enable customers to find, catalog, analyze and understand the lifecycle of data within an enterprise data warehousing and SAP BusinessObjects landscape. These methods also support a wide range of source systems for analysis.
Have questions? Please contact us.