Updated: Nov 16, 2019
The GDPR (https://www.eugdpr.org/) is here! Here is a brief description of the GDPR and its impact on the data security of all organisations.
The General Data Protection Regulation (GDPR) is a regulation approved by the EU Parliament on 14th April 2016. The GDPR's intention is to enforce, strengthen and unify data protection for all individuals within the European Union. It will also make it more difficult to export data from those individuals outside the EU (hello U.S. companies!). If you want to be GDPR compliant you will need to use one or more ways to encrypt the data within both on-premise and cloud solutions. This includes servers (file, application, database, etc.), storage (Network-attached Storage and Storage Area Network), media and networks.

So basically, according to the GDPR, an organization must:
- Only process data for authorized purposes
- Ensure data accuracy and integrity
- Minimize subjects’ identity exposure
- Implement data security measures

If you have been working in Spain in the IT field you probably worked with the Ley Organica de Protección de Datos (LOPD). The Spanish LOPD was the law that established a set of principles, rights and duties that each organization must fulfil regarding data protection. GDPR is basically the LOPD applied to the whole European Union, with some differences. The GDPR became law on May 25th 2018.

Why SAP and the GDPR?

Because most organisations run on SAP systems that hold personal data, including HR applications! Considering this, it is imperative that SAP systems become GDPR compliant. SAP has released certain recommendations for becoming compliant with the GDPR. So if you have a SAP ERP system, SAP recommends that your ERP version should be SAP ERP 6.0 EhP8 SP06. That doesn’t mean that older versions won’t be GDPR compliant.

GDPR requires you to organize and manage the personal data stored in SAP systems or within your company. There is no single solution to manage GDPR across the entire company. It requires rewriting the policies, procedures, SOPs, agreements, etc. to achieve this objective.
One common misconception is that if a company operates outside of the EU then the GDPR will not apply. This is not true. The GDPR applies to any company operating in any part of the world: if it deals with any business in the EU, or with EU residents' or EU citizens' data, then it falls under GDPR compliance.