Users fear SAP systems make GDPR compliance harder to achieve

Access control and workforce mobility are chief challenges, customers say

Customers are becoming increasingly concerned about the security and compliance of their SAP systems, as incoming data protection rules get ever closer.

The EU's General Data Protection Regulation (GDPR) will apply in the UK and elsewhere less than a year from now, and the rush to comply is causing some alarm among the ERP giant's users.

GDPR will introduce new fines of up to 4% of turnover or 20 million for data breaches and for failing to comply with the stricter data protection legislation, which seeks to hand more control to people over how organisations can use their personal information.

But an overwhelming 86% of SAP users said they don't understand GDPR's implications for their current and future SAP landscapes, according to a survey of 102 customers conducted by the UK & Ireland SAP User Group.

Half of respondents admitted their compliance and security concerns are greater now than they were a year ago, while 55% cited their growing use of SAP cloud and mobility tools as security challenges and 57% said it was an obstacle to compliance.

"With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed," said Brian Froom, audit, control and security special interest group chair at the UK & Ireland SAP User Group.

While the user group and SAP will work together to offer customers best practice to help them navigate GDPR successfully, Froom said SAP might not be in a position to offer guidance to struggling customers, because it's grappling with the compliance challenges itself.

"They are trying to figure this out as well," he told IT Pro. "They have not only their own customer data which has to comply, [but] must fully secure solutions for customers as well."

SAP access control was a chief concern among customers, cited by 70% of respondents, while 73% pointed to the challenge of balancing workforce mobility with a secure and compliant SAP landscape.

Froom explained that access control creates potential issues under GDPR, which considers IP addresses and business emails to constitute personal data, requiring opt-in consent.

SAP does have a governance, risk and compliance module, but only 47% of respondents were using it - 35% said it was too expensive, and 18% deemed it too complex.

SAP UK & Ireland's COO, Simon Niesler, said: "We appreciate customer concerns about the implications of GDPR. The more bureaucracy and complexity you have in your business segment, the harder it is to grow quickly, and speed is what matters today. This is why we want to work closely with our customers to ensure they have the right technology infrastructure in place that meets both local and global legislative needs.

"There may be local regulations, but we need these issues solved on a global basis, and SAP is working with the international community on behalf of its customers and partners to do so."

The user group is holding an event called Securing Your Systems in the Digital World in Birmingham on 5 July, where experts will be on hand to offer advice on GDPR.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020