In the wake of the GDPR, organizations are being forced to reconsider their network security, data discovery, data access, controls, mapping and governance policies and practices to ensure regulatory compliance and to prevent stiff fines for non-compliance. The European Union (EU) began enforcing the GDPR on May 25, 2018, to protect customer privacy and personal data. GDPR adherence requirements apply to any organization in any country — inside or outside of the EU — that handles or processes EU residents’ personal data. We’ll show you exactly how to accomplish your goals with our GDPR compliance checklist.
Protecting personal data of consumers is extremely important. Not only are too many consumers and companies suffering from data theft every year, but billions of dollars are spent to recover from data breaches. Regulation and protection of consumer personal data is not new. Companies need to assess their security and risk management strategies, data handling processes, data access roles and data governance to help ensure regulatory compliance and to properly manage enterprise business risk.
Essentially, the regulation is intended to provide EU data subjects with improved control over their personal data, enhance the processes carried out by organizations when transferring and storing the data of a customer, and unify 28 national data protection regulations to modernize Europe’s cyber-security policies. The law stipulates that organizations must do everything in their power to protect the personal data of EU data subjects. Moreover, GDPR gives EU data subjects enhanced and new rights over their personal data to protect their human rights.
But here’s the thing:
The regulation includes a broad definition of ‘personal data’. Any data that can be used to directly or indirectly identify an individual is considered personal data and must be protected. In addition to the obvious types of personal data (such as first name, last name and credit card information), the GDPR’s definition includes online identifiers and genetic, mental, cultural, economic and social information.
If a company fails to comply with the GDPR, an EU regulator can issue warnings, reprimands, suspensions of data transfers, bans on processing, and orders to correct infringement. Many companies are already making it easier for individuals to access their own data; these visible compliance efforts build a sense of trust with their consumers.
Depending on the breach and other variables, an organization may face fines that are 4% of their revenue:
To comply with the GDPR, your organization will need to assess its current governance, risk and compliance (GRC) strategy and implement processes and systems to discover, manage, protect and report on personal data issues.
So, what does this mean to organizations using SAP?
SAP is taking GDPR seriously, as any large software publisher would when hosting billions of personal data records. SAP is working to ensure that its products support processes and systems to discover, manage, protect and report on personal data hosted in SAP systems. In addition to SAP application awareness, an organization must also determine where personal data is stored to ensure it is encrypted and protected.
Consider the ways in which personal data is stored in SAP’s ERP Central Component (ECC), which is SAP’s enterprise resource planning software that includes finance, logistics, HR, product planning and customer service modules.
The challenges associated with GDPR compliance are both complex and obscure. In many cases, enterprises have more questions than answers about the policies, processes and technologies they need to put in place in order to comply with the GDPR. Auritas offers services that help your organization on its GDPR journey. Moreover, when you put Auritas on your team, you have ready access to expertise and insights that can help your business leaders understand your organizational requirements, identify the solutions to those requirements, and take steps today to avoid the high costs of non-compliance.
Auritas may be able to help you understand the issues at hand and create a plan toward resolution. Auritas offers essential services to help with GDPR requirements to ensure your organization is better positioned to adhere to new privacy and data protection regulations that are sure to come down the road.
As a leading provider of regulatory compliance solutions for enterprise SAP customers, the company provides a wide range of GDPR solutions, including:
Furthermore, services include assessment of an organization’s readiness and a suitable compliance strategy to minimize risk exposure. Some of the components available from SAP in regards to the GDPR include:
For more information, please contact one of our CCPA & GDPR experts at CCPA@auritas.com.
If you’d like to read up on the CCPA and gain insight on the US data privacy regulations, feel free to click here!