GDPR (Personal Data Protection) for SAP and Salesforce Solutions
The EU Regulation on the protection of individuals and their personal data is here (GDPR – General Data Protection Regulation). It introduces new safety requirements and obligations which the affected companies must meet by 25 May 2018. Executive management cannot wait for local legislation; it must focus now on preparing its employees, processes, and technologies.
Who is affected by the GDPR?
The Regulation applies to a large majority of institutions: larger companies and smaller businesses that, for example, process data about their clients, use data for marketing purposes, monitor their customers' behavior, or operate camera systems or e-shops.
This covers all organizations that keep an employee attendance system, a customer database, or records of job seekers, that back up and archive data, hold contracts, or encrypt data. In short, it covers every business that stores personal data on its servers, sends it over networks to data repositories, and uses it in different applications.
What does that mean for you?
The main obligations that come out of the GDPR are:
- Preventing leakage of data and personal data;
- Preventing unauthorized access to personal data;
- Introduction of anonymization of personal data;
- Obligation to designate the responsible person;
- Ensuring the safe disposal of personal data;
- Managing and monitoring personal data activities;
- Ensuring the resilience of personal data processing systems against data loss and outages;
- Ability to identify, analyze and document security incidents in a timely manner;
- Regular testing of personal data security;
- Establishing encryption of data and personal data.
Non-compliance with the Regulation is subject to a fine of up to EUR 20 mil. or 4% of the company's annual global revenue (the higher value applies).
If you are using SAP systems, we can help you with:
- Evaluating your system’s readiness for GDPR requirements;
- Creating an action plan to implement system changes based on GDPR discrepancies detected;
- Identifying data/tables in SAP databases that relate to GDPR in order to set new business rules;
- Identifying processes to ensure the rights of subjects (access, correction, deletion, processing limitation, portability, objection);
- Proposing how to anonymize SAP test systems and sandboxes, where personal data is also handled by unauthorized persons;
- Preparing the functionality to create a bulk / single listing of all personal data of the subjects from the system;
- Preparing the functionality for anonymization or deletion of personal data on subjects that can no longer be stored on the system under GDPR;
- Registering consent/disagreement with the use of personal data under the GDPR conditions (who granted the consent, how it was granted, for what purposes it was granted, what time it was granted, when it was revoked) in the system;
- Registering consent for automatic decision making;
- Registering consent to process sensitive data on subjects;
- Preparing functionality for bulk / individual recording of limited processing of personal data on subjects;
- The process of informing subjects about the verification and decision, the objection, and the lifting of restrictions on the processing of personal information;
- Preparing functionality for the mass transferability of personal data to another administrator upon request of the subject;
- Preparing for bulk editing of personal data of subjects;
- Preparing processes for the application of the rights of clients and other subjects under GDPR;
- Editing document templates and extractors.
You will be advised by experts
Anodius is the official partner of SAP and Salesforce.
Our team of certified experts specializing in the implementation of GDPR in Europe will help you:
- Compare the current processes and system settings in your company with GDPR requirements;
- Support designing organizational, process and IT changes;
- Support implementing accepted changes in SAP or Salesforce.com systems (by May 2018).
Stanislav Micheller, Partner – Delivery Services