SAP users are fearing that their use of these systems will make compliance with GDPR more difficult. According to a recent SAP User Group Study, the vast majority of organisations do not understand how the new European Union General Data Protection Regulations could affect their current SAP environment and concerns about compliance are increasing. This is perhaps understandable as the May 25 2018 date that the new regulations start gets ever closer and an increasing awareness that GDPR fines can be as much as 20 million euros or 4% of global turnover, whichever is higher.
More than 50% of those who responded to the survey said that their compliance concerns had increased over the past twelve months, with cloud computing (53%) and workforce mobility (57%) being particular concerns. Access control too is another challenge with 73% of respondents also saying that it was hard to balance workforce productivity and flexibility with security and GDPR compliance.
Speaking to ITPro.co.uk, Brian Froom, audit, control and security special interest group chair at the UK & Ireland SAP User Group said: “With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed. They are trying to figure this out as well. They have not only their own customer data which has to comply, [but] must fully secure solutions for customers as well.”
In another interview, this time with Infosecurity Magazine, Brian Froome said that a review of access rights was something that should regularly be done, working on the principle of least privilege.
“At the same time, they must ensure that the segregation of duties are appropriately managed and controlled. Ultimately, ensuring a good level of access control will go a long way to showing how an organisation protects its information assets. This is especially important with GDPR around the corner.”
SAP UK & Ireland’s COO, Simon Niesler, said: “We appreciate customer concerns about the implications of GDPR. The more bureaucracy and complexity you have in your business segment, the harder it is to grow quickly, and speed is what matters today. This is why we want to work closely with our customers to ensure they have the right technology infrastructure in place that meets both local and global legislative needs.
“There may be local regulations, but we need these issues solved on a global basis, and SAP is working with the international community on behalf of its customers and partners to do so.”
We can only expect concerns about compliance with the forthcoming introduction of the European Union’s General Data Protection Regulations to increase as the May 25 2018 date gets ever closer.