Users fear SAP systems make GDPR compliance harder to achieve

Access control and workforce mobility are chief challenges, customers say

Customers are becoming increasingly concerned about the security and compliance of their SAP systems, as incoming data protection rules get ever closer.

The EU's General Data Protection Regulation (GDPR) will apply in the UK and elsewhere less than a year from now, and the rush to comply is causing some alarm among the ERP giant's users.

GDPR will introduce new fines of up to 4% of turnover or 20 million for data breaches and for failing to comply with the stricter data protection legislation, which seeks to hand more control to people over how organisations can use their personal information.

But an overwhelming 86% of SAP users said they don't understand GDPR's implications for their current and future SAP landscapes, according to a survey of 102 customers conducted by the UK & Ireland SAP User Group.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Half of respondents admitted their compliance and security concerns are greater now than they were a year ago, while 55% cited their growing use of SAP cloud and mobility tools as security challenges and 57% said it was an obstacle to compliance.

"With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed," said Brian Froom, audit, control and security special interest group chair at the UK & Ireland SAP User Group.

While the user group and SAP will work together to offer customers best practice to help them navigate GDPR successfully, Froom said SAP might not be in a position to offer guidance to struggling customers, because it's grappling with the compliance challenges itself.

"They are trying to figure this out as well," he told IT Pro. "They have not only their own customer data which has to comply, [but] must fully secure solutions for customers as well."

SAP access control was a chief concern among customers, cited by 70% of respondents, while 73% pointed to the challenge of balancing workforce mobility with a secure and compliant SAP landscape.

Froom explained that access control creates potential issues under GDPR, which considers IP addresses and business emails to constitute personal data, requiring opt-in consent.

Advertisement - Article continues below

SAP does have a governance, risk and compliance module, but only 47% of respondents were using it - 35% said it was too expensive, and 18% deemed it too complex.

SAP UK & Ireland's COO, Simon Niesler, said: "We appreciate customer concerns about the implications of GDPR. The more bureaucracy and complexity you have in your business segment, the harder it is to grow quickly, and speed is what matters today. This is why we want to work closely with our customers to ensure they have the right technology infrastructure in place that meets both local and global legislative needs.

"There may be local regulations, but we need these issues solved on a global basis, and SAP is working with the international community on behalf of its customers and partners to do so."

The user group is holding an event called Securing Your Systems in the Digital World in Birmingham on 5 July, where experts will be on hand to offer advice on GDPR.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019