The General Data Protection Regulation (GDPR) (http://www.eugdpr.org/) is a new privacy regulation in Europe that protects the personal data of any individual “based” in the EU, regardless of citizenship or where the data is being held. This regulation will be enforced in May 2018 and outlines strict fines for those companies found to be out of compliance. GDPR applies to any organization located inside or outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. GDPR is different because it is much more comprehensive and carries more regulatory weight and fines than the previous 95/46/EU directive on data privacy, which it replaces.
How will it affect companies doing business with EU residents?
With GDPR, any global enterprise that collects or processes information about individuals in the EU is legally responsible for protecting that information while it is under their stewardship. If information is retained, it must be purged when it is no longer needed. This regulation will impact information collected in sales orders, invoices, receipts, delivery slips and many other day-to-day business activities. Types of data that may fall under the regulation can include:
- contact information (name, address, phone number, email)
- credit card information
- personally identifiable information (gender, social security number, etc.)
What does it mean if I run SAP Systems?
Once enterprises understand what data falls under GDPR, they must understand how to apply the regulation to the information processed and stored in SAP systems. This can be very complex, as information about individuals can be contained in both data and documents that are stored across multiple environments, systems, locations and countries. Organizations must ensure that this information is protected and properly discarded.
How Dolphin can help
Dolphin has a set of SAP-certified audit and compliance solutions that enable companies to comply with GDPR by managing data in online SAP systems and archive repositories. Our solutions enable companies to:
- Identify information on EU residents across SAP environments (ECC, SRM, HR, etc.) and systems (Production, QA, etc.)
- Protect information according to regulations through encryption or masking
- Automatically purge data according to retention rules when it is no longer needed
- Maintain a centralized audit log of data protection activities that demonstrates compliance with GDPR