Professional Documents
Culture Documents
GDPR
SAP WhitePaper
1 / 7
GDPR compliance: Where do I start?
Table of Contents
2 / 7
3 / 7
Each company should review the regulation to GDPR applies to an organization even if the con-
determine whether it applies to them. According troller (the party that determines how and why
to Article 3 of the GDPR, some examples of when personal data is processed) or processor (the
the GDPR applies to the process of personal party actually processing the data) is not estab-
data include: lished in the EEA. Any organization that collects
•• In the context of the activities of an establish- or processes personal data within the EEA or out-
ment of a controller or a processor in the EU side the EEA to the extent it is related to an indi-
•• Where the processing activities are related to vidual who is in the Union is likely subject to this
offering goods or services to data subjects who regulation, regardless of the organization’s
are in the EU location.
•• When it is related to the monitoring of the be-
havior of such data subjects in so far as their
behavior takes place within the EU
4 / 7
Each customer needs to determine whether and that process special categories of personal data
how to comply with the GDPR regulations. Below on a large scale. The Article 29 Data Protection
are some high-level suggestions to get you start- Working Party has provided additional guidance
ed in your preparations. on the topic.
DETERMINE IF YOU NEED TO APPOINT A DATA REVIEW CONSENT PRACTICES AND DATA PRI-
PROTECTION OFFICER (DPO) VACY NOTICES
Under the GDPR, it will become mandatory for Are you currently asking individuals for consent
certain controllers and processors to designate a to collect and process their personal data? Do
data protection officer (DPO). This will be the you need to create or update this process in light
case for all public authorities and bodies that of the GDPR? Do you need to update your data
process personal data. It will also be the case for privacy notices?
organizations that, as a core activity, monitor in-
dividuals systematically and on a large scale or
5 / 7
SAP is committed to data protection. Data pro- WHAT IS THE FOCUS OF PRODUCT
tection aspects have been an integral part of our ENHANCEMENTS FOR GDPR?
product standards, which are being extended to SAP is focusing its GDPR readiness efforts on en-
include the new requirements of the GDPR. We hancing product capabilities to provide custom-
intend to comply with the GDPR as a company as ers with additional functionality to enable GDPR
of May 2018, as well as to develop our products compliance. The software features listed below
to support our customers in applying the GDPR are planned to be included in the SAP Success-
requirements to the best possible extent. This in- Factors solutions quarterly release cycles prior to
cludes the ongoing enhancement of already ex- May 25, 2018.
isting product features as well as the implemen-
tation of new requirements. This document is not intended to provide legal
guidance, but rather to highlight the features of
WHICH SAP SUCCESSFACTORS SAP® SuccessFactors® solutions that can help
PRODUCT FEATURES ALREADY SUPPORT our customers implement GDPR requirements.
GDPR COMPLIANCE? References to the GDPR articles above highlight
SAP SuccessFactors product features already the requirements and functionality based on
support compliance with many GDPR requirements. SAP’s interpretation. We recommend all custom-
These features include product documentation, ers perform their own analysis of the GDPR
product-specific role and rights logic, retention requirements to ensure compliance based on
and deletion functionalities, consent manage- their own interpretation of the regulation.
ment inherent in the systems, as well as product-
specific capabilities that represent technical and
organizational measures to protect personal
data, including encryption.
6 / 7
Right of access by the data subject Provision of a report or display function that can be used to
inform data subjects about the personal data stored about them
MORE INFORMATION
SAP plans to provide updates to support GDPR compliance
in the normal quarterly release cycles and provide corre-
sponding documentation with those releases.
7 / 7