
SAP & Data privacy

You certainly care about the privacy and trust of your employees, members, clients, agents, etc. You equally want to run your business in the most optimal way. Sometimes these two objectives seem to conflict. You may already have asked yourself one or more of these questions:

  • Can we collect and process client information using SAP Business Information Warehouse and data mining techniques, without compromising the privacy of our clients?
  • Can we centralise our SAP processing of payroll and HR without infringing local privacy regulation?
  • Can we consolidate SAP processing centres, given that our databases contain personal transactions and other information related to end-users?
  • Can we ask candidates to fill in detailed, private information on our recruitment web site?
  • Can we use direct e-mail as a marketing tool without being regarded as a spammer abusing the information we maintain on our members?
  • Can we be sure that we do not have inadvertent leakages of private data, given our worldwide interconnections?
  • Does our customer loyalty scheme pose risks to data privacy?

The EU has led government initiatives to protect the privacy of its citizens (EU Directive on Data Protection and EU Safe Harbour Principles). The US has a combination of legislation to protect the rights of citizens (COPPA, CAN-SPAM) and sector-led initiatives to protect the privacy of patients and customers (HIPAA, GLBA). How can a multinational ensure compliance with relevant legislation and regulations while optimising its business operations and administration?

It is no wonder that many organisations doubt the status of data privacy control and even whether the actual data processing would stand up to detailed scrutiny.

Why Deloitte?

Our services allow you to make maximum use of the data within your SAP systems, in confidence that you are in compliance with data privacy regulations. We can provide a compliance management strategy for cross-border data flows and a framework of policies, procedures and local guidance. Our services also help you set up sound outsourcing agreements with respect to the processing of personal data and enable sound decisions on data centre consolidation.

Deloitte also helps organisations implement sensitive processes such as employee monitoring, complaint handling and private data access request procedures. In addition, we can ensure registration and notification with national authorities, where and when applicable, and design binding corporate rules as a means of facilitating the transfer of personal information and as a serious alternative to other compliance mechanisms.
