This blog is part of our Nordic blog series, "Why cybersecurity and privacy matter in S/4HANA projects". Explore other blog posts from this series here:
It is not uncommon to hear statements that SAP does not contain personal data and thus that SAP as a system would not be subject to GDPR requirements. However, the meaning of personal data is very broad, and the term does not only refer to social security numbers and names of individuals. According to GDPR, any information that can be used to identify an individual can be considered personal data.
In SAP, depending on the system being used, personal data refers to different types of information, such as:
Because your organisation stores, transfers and otherwise processes personal data in your S/4HANA projects, the GDPR comes into play.
Preparing for possible unfavourable outcomes in organisational operations raises the question of accountability. It is the leadership and management teams who are primarily responsible for ensuring compliance, and therefore accountable for any non-compliance issues. For S/4HANA projects, this means that management must ensure that the system has been implemented in a way that mitigates any potential risks to the organisation.
The GDPR requires privacy to be built in by design and by default. In S/4HANA projects, this means it is crucial to take privacy and cybersecurity into consideration as early as possible. As a leader, you should do the following: