The General Data Protection Regulation (GDPR) protects all private citizens and gives them full control of their personal data. Its scope covers not only customer online data but also human resource records, financial transactions, etc. All companies operating anywhere in the world are obligated to protect their customers' private data (European citizens, including British ones). Here is the site for full information on the new regulation: https://www.eugdpr.org/.
We address the two parts of SAP GDPR compliance: extracting information about a citizen from the SAP system in an acceptable format, and removing information from SAP systems.
For the second part, as archiving & ILM specialists, we back SAP's vision of the deletion process. We believe some solutions currently on the market do not guarantee database integrity, and put the SAP maintenance contract at risk. We believe that a company claiming to know the SAP process better than SAP is making an overstatement beyond anything reasonable.
Being archiving specialists with a focus on ensuring audit-ready data, our position also faces a crucial question: how do you balance not over-deleting while still complying with GDPR?
Our challenge will be to position ourselves on SAP only when the subject largely involves personal information obtained via websites, for example. Here is an introductory video from SAP that talks about their recommended and integrated solution, which includes data archiving and deletion.
But clients are looking for partners who can guarantee the mission of being fully GDPR compliant. We would really not want to implement a complete GDPR solution because of our commitment to audit-ready data while simultaneously respecting GDPR. This is currently a very delicate and complex subject due to the different types of data and local retention policies.
What we can do now is offer expertise (an assessment and evaluation) that can guarantee success within the unique areas of archiving and deletion in your SAP system for GDPR.
We believe GDPR, tax and audit constraints have to be taken into account together. We believe a reasonable vision of GDPR requirements will emerge, and this approach will eventually match European citizens' interests with corporate and IT feasibility.