Nestlé improves their data privacy and GDPR compliance with EPI-USE Labs

Complexity of complying with GDPR in SAP across multiple countries

Nestlé initially focused on meeting basic data privacy requirements, but to comply with GDPR (the General Data Protection Regulation), the legal department insisted on precise implementation of data retention concepts for each country. This included the requirement to delete data from systems, a significant shift for Nestlé, as data had never been deleted before. Managing this was particularly challenging, due to both the wide range of retention periods, and the complexity of GDPR laws, which had to be implemented individually for each country.

Nestlé's large SAP landscape presented further difficulties. SAP SuccessFactors, as the main entry point for lifecycle information, required efficient data copying from production to pre-production environments. The company relied on data downloads and mass uploads – which was functional, but not efficient. These factors made the project highly demanding, and complex to manage.

The solution for Nestlé: Data Privacy Suite and Data Sync Manager

Nestlé implemented EPI-USE Labs' Data Disclose and Data Retain, part of the EPI-USE Labs Data Privacy Suite for SAP solutions, to enforce data privacy policies in SAP Human Resources across both production and pre-production systems. This included:

• setting up disclosed reports in SAP, and defining a standardised global process for data transparency
• establishing an efficient retention process, with minimal effort required from individual markets.

To further enhance data privacy compliance within its extensive SAP landscape, Nestlé used EPI-USE Labs' Data Sync Manager (DSM) Suite for efficient data copying and cloning between production and pre-production systems, particularly for testing purposes.

By using DSM and the Data Privacy Suite, Nestlé ensured compliance with GDPR's increasingly stringent requirements, while streamlining data management processes across its systems.

Data privacy compliance and streamlined processes

Working closely together, Nestlé and EPI-USE Labs were able to create country-specific rules to make Nestlé’s SAP systems compliant with GDPR across the board. Using DSM and the Data Privacy Suite significantly streamlined data discovery and deletion processes by automating the identification and extraction of relevant data across systems, improving efficiency and reducing manual effort. This integrated approach ensures consistent data handling across different platforms, enhancing overall data privacy compliance.

The detailed audit logs generated by the EPI-USE Labs’ tools facilitated compliance reporting and provided valuable insights for ongoing data governance efforts. This comprehensive approach to data privacy not only minimised legal risks, but also strengthened Nestlé's commitment to data protection for its employees and stakeholders.

About Nestlé

Nestlé, the world's largest food and beverage company, has been growing and evolving for nearly 160 years. With a presence in 187 countries, Nestlé boasts a diverse portfolio of over 2,000 brands, ranging from global icons to local favourites.