GDPR, or General Data Protection Regulations, forces businesses to protect the personal data and privacy of European Union (EU) citizens. It introduces the new obligations for companies and comes into effect on May 25, 2018, at which time all those organizations handling EU residents’ data but non-compliant will face heavy fines regardless of their location.
GDPR introduces the strictest and most far-reaching data protection regulations seen, and information security teams need to start preparing now. They just change the way they process, store, and protect customers’ personal data in order to thwart data breaches that can result in criminal investigation, reputational damages, indemnification, penalties and fines for the affected company.
SAP is an essential part of these regulations. The large number of of Fortune 2,000 companies implement SAP systems, which will store all kinds of critical personal data.
ERPScan, a company providing business application security, has released a guideline on making SAP systems GDPR compliant.
Although SAP provides a wide spectrum of protection mechanisms to make SAP systems safe, just how to implement and configure these measures is not always apparent. Companies now need to look at these save guards in the context of GDPR privacy requirements.
“GDPR should be viewed not as a thorn in the side but as an enabler for structuring the procedure of protecting data and business applications that process this data. After all, GDPR aims at facilitating digital economy and building a strong foundation for trust in the Internet,” said Michael Rakutko, Head of Professional Services at ERPScan.
The released guide details three broad groups of GDPR technical security requirements:
- Assessing existing data processes and systems;
- Restricting personal data activities;
- Monitoring data breaches.
The whitepaper describes how GDPR affects SAP systems and how to use the hype to achieve positive business results including data governance improvement, competitive advantage, and higher customer satisfaction.
A system, which was secured yesterday, might be compromised tomorrow. Therefore, it is necessary to reduce the risk and prepare in advance.