What is GDPR / EU-GDPR and how does SAP Business ByDesign handle data protection?

Many organizations are concerned about how European data protection regulations known as GDPR or EU GDPR could affect their day-to-day business operations, especially when using cloud business software.

Watch the video below to get an idea in two minutes of what GDPR is and what you need to consider for your company by May 25, 2018 (further links can be found below):

With the powerful options that SAP Business ByDesign has been offering for several releases, you can efficiently implement the GDPR-related data protection regulations of your organization. With SAP Business ByDesign, your data protection officers have the following options:

1. Make sure that the user authorization allows access to data only for those users who need the data for business processes.
2. Configure minimum retention periods for important business documents. This allows you to block deletion if these are still needed, e.g. for billing.
3. Access and analysis of change logs for data specifically for customers, contacts and employees.
4. Most importantly: Central work on data protection requirements with a dedicated data protection work center. This gives an overview of the data stored on natural persons (e.g. employees, private customers) and allows personal data to be deleted across all business scenarios and documents.

The following demo video gives you an impression of how this works in Release 1802 of SAP Business ByDesign:

As you saw in the demo, the data protection expert can use the data protection work center to easily find employees, service providers (i.e. external employees) or private customers and trigger the deletion of personal data. In addition, it can generate a synopsis for all master and transactional data stored in the system for a natural person, as you can see in the screenshots below.

In addition, you can define the data retention periods for several business areas and countries in the business configuration. These deadlines control that this data cannot be deleted within the minimum retention period.

In addition, administrators, marketing and sales employees can view change logs according to their authorization:

1. Changes by date and user
2. Changed attributes with old / new value and type of modification
3. Ability to export changes

After all, ByDesign not only controls what happens in the system, but also how data is processed in external applications using the standard web services and interfaces.

1. Communication scenarios and communication agreements allow you to control external access (via the “Application and User Management” work center).
2. Valid certificates are required to enable access to web services.
3. Communication monitoring for, for example, failed web service calls. Customers still have to assess which integration scenarios are made available to whom.

Here you will find general overview material about GDPR, the SAP GDPR guidelines and in particular the data protection regulations of the SAP data center and its certifications, which are continuously checked:

• Full video and demo about SAP Business ByDesign GDPR and data protection
• CFO webinar on GDPR
• SAP Data Protection & Privacy overview
• SAP Global Data Protection and Privacy Policy
• SAP compliance & certificates
• EU Commission for the Protection of Personal Data

The original article and the first overview graphic are from Jan Matthes and appeared in English on the SAP blog at the following URL: https://blogs.sap.com/2017/09/05/what-is-gdpr-eu-dsgvo-and-how-does-sap-business-bydesign-manage-data-privacy/

All statements without guarantee.