


How SAP Solution Extensions Help Compliance with the General Data Protection Regulation (GDPR)

by Cindy Morel, Director, SAP Global Marketing, SAP Solution Extensions | SAPinsider, Volume 19, Issue 2

April 30, 2018

SAP Solution Extensions

Failure to comply with the General Data Protection Regulation (GDPR) has dire consequences for businesses, including loss of reputation and fines. This article explains how an organization can use SAP Solution Extensions to track personal data flow, control users’ access to applications and data, safely share data with partners, and protect the application code used for data processing.

The new General Data Protection Regulation (GDPR) represents an opportunity to transform the way organizations handle data and manage risk. For companies that do not comply, the consequences can be severe, including hefty fines and damage to public image. SAP Solution Extensions can play an important role in achieving and maintaining ongoing compliance with the GDPR. By complementing a company’s existing data protection strategies, SAP Solution Extensions can assist in everything from tracking the flow of personal data to managing user access within the organization, all while facilitating the transition to digital business. 

Best Run Businesses Rely on Information Excellence

The GDPR requires companies to understand how personal data flows throughout the business. The more effectively businesses manage data across the organization, the more straightforward it will be to address these requirements. While most companies have business process models as part of their enterprise architecture, SAP Process Mining by Celonis tracks how personal data flows through processes and applications. With a clear picture of whether processes are running as designed — as well as where and when processing takes place — organizations can truly understand what business processes are using personal data, if those processes include third-party entities, what applications supply those processes, and if there are undocumented variant sub-processes.

Protecting that personally identifiable information is core to the GDPR — whether data is in transit, at rest, or in use. SAP Data Encryption by CipherCloud supports multiple protection methods including partial field encryption, format-preserving encryption, and tokenization. The solution works to transparently protect users and safeguard data while preserving a seamless user experience with SAP SuccessFactors solutions.

And while the GDPR has specific requirements around deletion of personal data based on a legal basis for processing and individuals’ rights to erasure, other regulations require a legal hold of data for activities like tax reporting and e-discovery. The integration of SAP Information Lifecycle Management with SAP Extended Enterprise Content Management by OpenText can help organizations simplify management of archiving, retention, and destruction of personal data and unstructured content to address the ever-growing, constantly evolving list of country and industry regulations.

It's Not Just About Managing Data.

Nearly half of the regulation’s articles are related to business procedures associated with policies, controls, record keeping, and the accountabilities of different roles and entities. For businesses to avoid costly penalties, the governance of policies, processes, and people must be clearly defined and documented.

Both data processors and controllers are responsible for GDPR requirements for personal data, wherever that data may be in the business network. SAP Dynamic Authorization Management by NextLabs enables organizations to quickly and securely share data with partners using dynamic, attribute-based access control. This capability allows organizations to collaborate safely across their business network.

And while protecting data is crucial, securing the application code that processes the data is equally essential. SAP Fortify by Micro Focus helps secure all applications wherever they are deployed — in house, on the web, in the cloud, or on mobile devices. The software integrates code vulnerability analysis across the solution lifecycle and automates key processes for developing and deploying highly secure technology and services.

Managing user access to applications and data is also key to data protection and requires a careful balance — too much access creates risk, and too little impacts business operations. SAP Access Violation Management by Greenlight enables organizations to make informed decisions by automatically measuring access risk and assessing its financial impact.

Learn More

To thrive in today’s digital economy, organizations need to run at their best to meet and create customer demand in the moment of opportunity. Data is at the core of a best run business, and the GDPR provides a timely catalyst for improvement. To learn more about how SAP Solution Extensions can help, visit



Cindy Morel

Director, SAP Solution Extensions, Global Marketing, SAP
