- The General Data Protection Regulation (GDPR) is a regulation approved by the EU Parliament on 14th April 2016.
- The GDPR's intention is to enforce, strengthen and unify data protection for all individuals within the European Union.
- It will also make it more difficult to export those individuals' data outside the EU (hello U.S. companies!).
- If you want to be GDPR compliant, you will need to use one or more ways to encrypt the data in both on-premise and cloud solutions.
- This includes servers (file, application, database, etc.), storage (network-attached storage and storage area networks), media and networks.
- Only process data for authorized purposes
- Ensure data accuracy and integrity
- Minimize subjects’ identity exposure
- Implement data security measures
SAP and the GDPR
Right now you are wondering why I’m speaking about the GDPR in an SAP blog, right? Because SAP systems are completely full of personal data! Considering this, you should be concerned about becoming GDPR compliant with your SAP systems. Luckily, SAP released SAP Note 2590321 – Upgrade recommendations to support GDPR compliance, which describes the recommended target release for each of their products. So if you have an SAP ERP system, SAP recommends that your ERP version should be SAP ERP 6.0 EhP8 SP06. Does this mean that you should upgrade your system before May 25th? No! The versions described in SAP Note 2590321 contain improvements and are optimized to achieve GDPR compliance. That doesn’t mean that older versions won’t be GDPR compliant.
As you may already know, GDPR requires you to manage all elements of the personal data life cycle within your company. Because of this, no single solution can be GDPR compliant per se. A lot more work is required than just upgrading your SAP systems… I leave you some interesting documents related to GDPR:
But my company is from outside the EU…
In that case… the European Union doesn’t give a s**t if you are from outside the EU! The GDPR affects companies both inside and outside the EU. The problem is that if your company is dealing with EU businesses’, residents’ or citizens’ data, then you will have to comply with the GDPR. Did you say that you don’t give a s**t about GDPR and the EU? Well, in that case the fine could be up to 20 million € or 2% and 4% of the annual global turnover (whichever amount is greater, of course). Considering this, I have to say that I’m sorry, you will have to become GDPR compliant…
Good luck in the coming months, guys! Remember, the deadline is May 25th 2018 and there is still a lot of work to do!