Let's Talk Data Security

Are you compliant with the terms of your SAP support contract?

One of my colleagues shared with me an excerpt from the SAP Cloud Services Data Processing Agreement (DPA), which states, “This DPA does not apply to non-production environments of the Cloud Service if such environments are made available by SAP, and Customer shall not store Personal Data in such environments.”

I decided to also look at some of the other SAP data processing agreements, and found similar language in their support and professional services DPAs:“Customer shall not grant SAP access to Licensee systems or personal information (of Customer or any third party) unless such access is essential for the performance of SAP Services. Customer shall not store any Personal Data in non-production environments.”

SAP customers have recently been receiving emails highlighting these changes to terms and conditions, requiring customers to take action very soon.

The news in Europe is abuzz with Brexit and the many complexities around it. One of the many questions companies are considering is how compliance with GDPR is affected by Brexit...

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3 | Article 4 | Article 5 | Article 6 | Article 7 | Article 8

Breaches happen, and they will happen to you.  In the ninth and final article of this series, we look at how GDPR and POPIA treat data breaches. Read on:

• “Our system was compromised”
• Breach procedures are clear
• Notify them - it is the right thing to do
• Measuring risk and time limits
• Go with the strictest requirements
• All's well that ends well
• You want this poster
• SAP Knowledge Sidebar

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3 | Article 4 | Article 5 | Article 6 | Article 7

Deleting data is never as simple as pressing a button. In this eighth article on GDPR and POPIA we look at the requirements and complexities of data deletion. Read on:

• “All good things come to an end”
• No purpose? No data.
• The laws encourage deletion
• The Right to be Forgotten
• Deleting records is a priority, but what about backups?
• Clean data is a clean conscience
• We have a webinar you need to watch
• SAP Knowledge Sidebar

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3 | Article 4 | Article 5 | Article 6

How long can you keep data? In the seventh article in our series on GDPR and POPIA we look at the rules and exceptions for archiving data on systems.  Read on:

• “They’re just not that into you”
• Archiving and statistics
• Data retention and the laws
• Redact or archive, it is the safer option
• For the history books
• Missed our webinar? View it here for free.
• SAP Knowledge Sidebar

SAP: ERP off the shelf

Why has SAP been so successful for so long? Because they designed a massively powerful – and scalable – ERP system, which could be installed from the same CDs/DVDs/Files (delete as appropriate depending on your age) at almost any organisation in the world. From there it could be quickly/slowly/glacially (delete as appropriate depending on your industry/project scope etc) tailored to fit a very wide variety of business processes, just by making settings in the IMG. No need for custom code or tables in the database unless you really wanted to bring your own processes to the system, and even that wasn’t too hard to do. 

Read on to find out about:

• BOW: customer-defined objects
• Our SAP GDPR Compliance/Data Privacy Suite: flexibility built in
• Personalised gifts for MAPA
• My own custom-made dummy!

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3 | Article 4 | Article 5

In a connected world, it is too easy for personal data to move across borders. In the sixth article in our series, we look at how GDPR and POPIA treat cross-border transfers. Here is what we'll discuss:

• “The neighbour has your data”
• Something like passport control for data
• What the laws say
• How the laws differ
• Pick your cloud wisely
• If you must transfer it, keep it safe
• Confused? Download the the free workflow poster
• SAP Knowledge Sidebar

 The overview below is a comparison between the key changes in GDPR (the General Data Protection Regulation) and the Australian Privacy Act 1988. The aim of this comparison is to give you insight in the differences, and prepare you for what may be coming when the Australian privacy regulations are improved and brought up to the level of the European Union regulations.

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3 | Article 4

In the fifth blog in our series, we look at the real reason for the existence of GDPR and POPIA: how we use data. This is where it gets really serious. Here is what we'll discuss:

• “Will they call?”
• Five keys to compliance
• How the laws compare
• You need a data protection officer...
• ...and include them early
• No more data hostages
• Need some direction? We have a flowchart for that
• SAP Knowledge Sidebar

Missed the previous articles?  Read them here: Article 1 | Article 2 | Article 3

It is official: we can't leave it all to the robots.  The fourth article of our series on GDPR and POPIA is all about data analysis and automated decisions. Read on:

• “First dates are interviews”
• Decisions inspiring actions
• Automated decisions? Not on its own
• In the hands of the data subject
• Listening is a data skill
• Download this free flowchart poster
• SAP Knowledge Sidebar