GDPR and SAP Systems

The GDPR is almost here! For those of you who don't know about the GDPR, let me give you a quick description:
  • The General Data Protection Regulation (GDPR) is a regulation approved by the EU Parliament on 14th April 2016.
  • The GDPR's intention is to enforce, strengthen and unify data protection for all individuals within the European Union.
  • It will also make it more difficult to export those individuals' data outside the EU (hello U.S. companies!).
  • If you want to be GDPR compliant, you will need to use one or more ways to encrypt the data in both on-premise and cloud solutions.
  • This includes servers (file, application, database, etc.), storage (Network-attached Storage and Storage Area Network), media and networks.
So basically, according to the GDPR, an organization must:
  • Only process data for authorized purposes
  • Ensure data accuracy and integrity
  • Minimize subjects’ identity exposure
  • Implement data security measures
If you have worked in the IT field in Spain, you have probably worked with the Ley Orgánica de Protección de Datos (LOPD). The Spanish LOPD was the law that established a set of principles, rights and duties that each organization must fulfil regarding data protection. GDPR is basically an LOPD applied to the whole European Union, with some differences. I won't go into the differences, since there is plenty of information on the Internet about them.
The deadline for becoming GDPR compliant is May 25th 2018. The deadline is quite close and there is a lot of work to do!

SAP and the GDPR

Right now you are wondering why I'm speaking about the GDPR in a SAP blog, right? Because SAP systems are completely full of personal data! Considering this, you should be concerned about becoming GDPR compliant with your SAP systems. Luckily, SAP released SAP Note 2590321 – Upgrade recommendations to support GDPR compliance, which describes the recommended target release for each of their products. So if you have a SAP ERP system, SAP recommends that your ERP version be SAP ERP 6.0 EhP8 SP06. Does this mean that you should upgrade your system before May 25th? No! The versions described in SAP Note 2590321 contain improvements and are optimized to achieve GDPR compliance. That doesn't mean that older versions won't be GDPR compliant.

As you may already know, GDPR requires you to manage all elements of the personal data life cycle within your company. Because of this, no single solution can be GDPR compliant per se. There is a lot more work to do than just upgrading your SAP systems… I'll leave you with some interesting documents related to GDPR:

But my company is from outside the EU…

In that case… the European Union doesn't give a s**t if you are from outside the EU! The GDPR affects companies both inside and outside the EU. The problem is that if your company is dealing with EU businesses', residents' or citizens' data, then you will have to comply with the GDPR. Did you say that you don't give a s**t about GDPR and the EU? Well, in that case the fine could be up to 20 million € or 2% and 4% of the annual global turnover (whichever amount is greater, of course). Considering this, I have to say that I'm sorry, you will have to become GDPR compliant…

Good luck in the coming months, guys! Remember, the deadline is May 25th 2018 and there is still a lot of work to do!
