Is S/4 your first major project since GDPR came into effect?

November 06, 2019
Written by Paul Hammersley

Paul has for many years been a remarkable technical force at EPI-USE Labs. As VP of the ALM Products, his portfolio includes System Landscape Optimization, and his hands-on experience of implementing Data Sync Manager and helping clients to manage data across the breadth of their SAP landscapes is unique. He has specialised knowledge about data security and how GDPR (the General Data Protection Regulation) impacts companies running SAP.

Is S/4 your first major project since GDPR came into effect?
All IT projects must have ‘privacy by design’, and S/4 is on everyone’s horizon

I was recently at SAP Teched 2019 in Barcelona, and of course the message was very heavily ‘Cloud’ and S/4. It was interesting to see some detailed information about very large SAP environments that have now gone to S/4, and also noticeable how many people were present to hear about those. The tipping point seems to have been reached now, and an S/4 project is clearly planned by most SAP customers, if it isn’t already underway.

For many, this will be the first major IT project they’ve undertaken since GDPR came into effect, with its Article 25 - 'Data protection by design and by default'.  If that’s the case, then has privacy been outlined in the planning already? Surely each phase of the plan must have a privacy section to it. There is still an alarming lack of GDPR knowledge in the IT teams at some organisations, but worryingly also at some SIs and software vendors. In a session at Teched, I heard the presenter state categorically that the data subject’s consent must be stored in all cases. The slides they showed fortunately disagreed, but anyone relying solely on the narrative would have been given crucially incorrect guidance. Consent is one of the legal grounds for storing data, but is often referred to as the grounds of last resort, because it may then be taken away at any time, and the organisation must have processes in place to manage such requests. A contractual requirement like delivering a service to someone is a much better legal grounds for processing their data, and does not require their consent beyond their agreement to the contract in the first place.

Innovation for all

Anyway, back to the mother of all upgrades for those of you doing Brownfield S/4 migrations (also known as ‘System conversions’), or an eagerly awaited opportunity to revisit ancient SAP implementation choices for those doing Greenfield S/4 implementations.

I attended an excellent event at our sister company G3G and the CEO Chris Gunther talked, incredibly insightfully (as ever), about the need to not just move to S/4, but to embrace the innovation options it brings in order to help your organisation be successful in this ever more competitive world.

S/4 is the gateway to leveraging machine learning, AI and all the UX capabilities that come built in. I saw an excellent presentation on the upcoming SAP Graph which included a demo of a chat bot amending a delivery date at the behest of the buyer, and it was completed end-to-end without another human's interaction. For SAP customers, this type of capability is light years ahead of what their existing core ERP systems have been doing. But with more functionality comes more security requirements. Just the change to Fiori, as the UI requires significant authorisation changes. And of course data moving seamlessly between different parts of the platform also needs to be governed effectively. Not as exciting as seeing the chat bot succeed, but essential if you wish to release the chat bot into the wild.

Please don’t forget to innovate when it comes to the place of privacy in the project too. It has to be there from the start, and part of the design, to comply with GDPR's Article 25.

GDPR White Paper CTA




Explore Popular Tags

GDPR Data Privacy data security data secure data scrambling GDPR compliance POPI Act POPIA Data Sync Manager Data Redaction Right to be forgotten GDPR readiness General Data Protection Regulation SAP GDPR Data Archiving Data Redact GDPR deadline sap personal data Data privacy compliance SAP data privacy and compliance SAP systems SAR Subject Access Request Access risk controls CCPA Data privacy regulations European operations Federal Law GRC for SAP May 2018 Right to Erasure Risk monitoring SAP Data Security SAP security anonymised data compliance test data management Australian Privacy Act 1988 Breach Notification Brexit Budget COVID-19 Canada data privacy legislation Client Sync Cloud migrations Consent DSM Data Portability Data privacy by design Documentation Europe Friday 25 May 2018 GDPR-type legislation Governance, Risk Management and Compliance (GRC) HCM HR ICO Information Commissioner’s Office Information transfer Infotype 41 Object Sync Penalties Privacy by Design Proportional Data Right to Access Risk management S/4HANA Migrations SAP S/4HANA SAP data Secure scrambled production data for testing Security Security for SAP. Live South African data privacy legislation Success Factors Territorial Scope UK Government Virtual conference What does the European GDPR mean for Australia? masking rules quality of test data system copy
+ See More

Get Instant Updates

Leave a Comment: