The new EU General Data Protection Regulation (GDPR)

On 25 May 2018, the EU’s data protection regulation GDPR will come into effect – it will also end the two-year transitional period for authorities and companies to prepare for the new ruling. From then on, new laws will apply and must be complied with. We can help you prepare your SAP systems for this upcoming legal situation.

The key changes

  • the fines have increased to 4 percent of the total annual revenue generated by the group worldwide, or up to 20 million
  • person affected can report their EU residence to the data protection supervisory authority; thus complaints from all EU member states can be filed
  • the class action is introduced
  • personal data must be deleted once appropriation or retention obligation have expired
  • the right to data destruction is established
  • in the event of a change of purpose, the persons affected must consent

We can support you in

Evaluating your situation – with gap analysis

  • relevant GDPR legal bases for your company
  • person master data in the SAP system (HR master data, customer, vendor, central business partner, contact person, one-time accounts, transaction data, Z-tables)
  • master data processes (life cycle, retention obligations, determination of purpose)
  • opt-in documentation
  • interfaces, master data distribution, add-ons, customer programs, SRM, CRM, BW, DMS

In your documentation

  • prioritization of recommendations for action
  • master data processes
  • data protection impact assessment
  • locking and data destruction
  • data security and processing activities
  • information to person(s) affected
  • process upon data loss

Upon implemention

  • strategic master data management
  • Information lifecycle management (SAP ILM)
  • archiving processes
  • training and communication
  • data protection concept

Sign up for our newsletter


References of ISO Professional Services


SAP and its respective logos are trademarks or registered trademarks of SAP.