Users fear SAP systems make GDPR compliance harder to achieve

Access control and workforce mobility are chief challenges, customers say

Customers are becoming increasingly concerned about the security and compliance of their SAP systems, as incoming data protection rules get ever closer.

The EU's General Data Protection Regulation (GDPR) will apply in the UK and elsewhere less than a year from now, and the rush to comply is causing some alarm among the ERP giant's users.

Advertisement - Article continues below

GDPR will introduce new fines of up to 4% of turnover or 20 million for data breaches and for failing to comply with the stricter data protection legislation, which seeks to hand more control to people over how organisations can use their personal information.

But an overwhelming 86% of SAP users said they don't understand GDPR's implications for their current and future SAP landscapes, according to a survey of 102 customers conducted by the UK & Ireland SAP User Group.

Half of respondents admitted their compliance and security concerns are greater now than they were a year ago, while 55% cited their growing use of SAP cloud and mobility tools as security challenges and 57% said it was an obstacle to compliance.

"With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed," said Brian Froom, audit, control and security special interest group chair at the UK & Ireland SAP User Group.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While the user group and SAP will work together to offer customers best practice to help them navigate GDPR successfully, Froom said SAP might not be in a position to offer guidance to struggling customers, because it's grappling with the compliance challenges itself.

"They are trying to figure this out as well," he told IT Pro. "They have not only their own customer data which has to comply, [but] must fully secure solutions for customers as well."

SAP access control was a chief concern among customers, cited by 70% of respondents, while 73% pointed to the challenge of balancing workforce mobility with a secure and compliant SAP landscape.

Froom explained that access control creates potential issues under GDPR, which considers IP addresses and business emails to constitute personal data, requiring opt-in consent.

SAP does have a governance, risk and compliance module, but only 47% of respondents were using it - 35% said it was too expensive, and 18% deemed it too complex.

Advertisement - Article continues below

SAP UK & Ireland's COO, Simon Niesler, said: "We appreciate customer concerns about the implications of GDPR. The more bureaucracy and complexity you have in your business segment, the harder it is to grow quickly, and speed is what matters today. This is why we want to work closely with our customers to ensure they have the right technology infrastructure in place that meets both local and global legislative needs.

"There may be local regulations, but we need these issues solved on a global basis, and SAP is working with the international community on behalf of its customers and partners to do so."

The user group is holding an event called Securing Your Systems in the Digital World in Birmingham on 5 July, where experts will be on hand to offer advice on GDPR.

Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020