2 minute read
All IT projects must have ‘privacy by design’, and S/4 is on everyone’s horizon
I was recently at SAP Teched 2019 in Barcelona, and of course the message was very heavily ‘Cloud’ and S/4. It was interesting to see some detailed information about very large SAP environments that have now gone to S/4, and also noticeable how many people were present to hear about those. The tipping point seems to have been reached now, and an S/4 project is clearly planned by most SAP customers, if it isn’t already underway.
For many, this will be the first major IT project they’ve undertaken since GDPR came into effect, with its Article 25 - 'Data protection by design and by default'. If that’s the case, then has privacy been outlined in the planning already? Surely each phase of the plan must have a privacy section to it. There is still an alarming lack of GDPR knowledge in the IT teams at some organisations, but worryingly also at some SIs and software vendors. In a session at Teched, I heard the presenter state categorically that the data subject’s consent must be stored in all cases. The slides they showed fortunately disagreed, but anyone relying solely on the narrative would have been given crucially incorrect guidance. Consent is one of the legal grounds for storing data, but is often referred to as the grounds of last resort, because it may then be taken away at any time, and the organisation must have processes in place to manage such requests. A contractual requirement like delivering a service to someone is a much better legal grounds for processing their data, and does not require their consent beyond their agreement to the contract in the first place.
Innovation for all
Anyway, back to the mother of all upgrades for those of you doing Brownfield S/4 migrations (also known as ‘System conversions’), or an eagerly awaited opportunity to revisit ancient SAP implementation choices for those doing Greenfield S/4 implementations.
I attended an excellent event at our sister company G3G and the CEO Chris Gunther talked, incredibly insightfully (as ever), about the need to not just move to S/4, but to embrace the innovation options it brings in order to help your organisation be successful in this ever more competitive world.
S/4 is the gateway to leveraging machine learning, AI and all the UX capabilities that come built in. I saw an excellent presentation on the upcoming SAP Graph which included a demo of a chat bot amending a delivery date at the behest of the buyer, and it was completed end-to-end without another human's interaction. For SAP customers, this type of capability is light years ahead of what their existing core ERP systems have been doing. But with more functionality comes more security requirements. Just the change to Fiori, as the UI requires significant authorisation changes. And of course data moving seamlessly between different parts of the platform also needs to be governed effectively. Not as exciting as seeing the chat bot succeed, but essential if you wish to release the chat bot into the wild.
Please don’t forget to innovate when it comes to the place of privacy in the project too. It has to be there from the start, and part of the design, to comply with GDPR's Article 25.