Users fear SAP systems make GDPR compliance harder to achieve

Access control and workforce mobility are chief challenges, customers say

Customers are becoming increasingly concerned about the security and compliance of their SAP systems, as incoming data protection rules get ever closer.

The EU's General Data Protection Regulation (GDPR) will apply in the UK and elsewhere less than a year from now, and the rush to comply is causing some alarm among the ERP giant's users.

Advertisement - Article continues below

GDPR will introduce new fines of up to 4% of turnover or 20 million for data breaches and for failing to comply with the stricter data protection legislation, which seeks to hand more control to people over how organisations can use their personal information.

But an overwhelming 86% of SAP users said they don't understand GDPR's implications for their current and future SAP landscapes, according to a survey of 102 customers conducted by the UK & Ireland SAP User Group.

Half of respondents admitted their compliance and security concerns are greater now than they were a year ago, while 55% cited their growing use of SAP cloud and mobility tools as security challenges and 57% said it was an obstacle to compliance.

"With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed," said Brian Froom, audit, control and security special interest group chair at the UK & Ireland SAP User Group.

Advertisement - Article continues below
Advertisement - Article continues below

While the user group and SAP will work together to offer customers best practice to help them navigate GDPR successfully, Froom said SAP might not be in a position to offer guidance to struggling customers, because it's grappling with the compliance challenges itself.

"They are trying to figure this out as well," he told IT Pro. "They have not only their own customer data which has to comply, [but] must fully secure solutions for customers as well."

SAP access control was a chief concern among customers, cited by 70% of respondents, while 73% pointed to the challenge of balancing workforce mobility with a secure and compliant SAP landscape.

Froom explained that access control creates potential issues under GDPR, which considers IP addresses and business emails to constitute personal data, requiring opt-in consent.

SAP does have a governance, risk and compliance module, but only 47% of respondents were using it - 35% said it was too expensive, and 18% deemed it too complex.

Advertisement - Article continues below

SAP UK & Ireland's COO, Simon Niesler, said: "We appreciate customer concerns about the implications of GDPR. The more bureaucracy and complexity you have in your business segment, the harder it is to grow quickly, and speed is what matters today. This is why we want to work closely with our customers to ensure they have the right technology infrastructure in place that meets both local and global legislative needs.

"There may be local regulations, but we need these issues solved on a global basis, and SAP is working with the international community on behalf of its customers and partners to do so."

The user group is holding an event called Securing Your Systems in the Digital World in Birmingham on 5 July, where experts will be on hand to offer advice on GDPR.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020