GDPR is a regulation focused on the protection of the privacy and personal data of EU citizens in transactions occurring in EU member states. The regulation will apply within Europe and to companies that process data of EU residents, irrespective of their location(s). It imposes severe penalties for non-compliance and will come into effect on 25 May 2018.
To ensure compliance with GDPR, companies will need to make significant changes to their traditional approach to data management and data processing. This significantly increases the need for expert guidance, compliant technology infrastructure and employee awareness through training. According to the GDPR Preparedness Pulse Survey released by PwC US, over three in four (77%) companies plan to allocate $1 million or more to GDPR readiness and compliance efforts, with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Do these changes create difficulties for companies with operational exposure to the EU – strategically or financially or both?
An Ovum report states that 85% of U.S. companies are looking at GDPR as a competitive disadvantage for European companies. Moreover, two-thirds of companies feel that they have to re-think their strategy in Europe. At this watershed moment, it becomes more crucial for companies to gain a better understanding of GDPR, given the huge cost and risk associated with being deemed non-compliant.
How is SAP SuccessFactors going to help your company in meeting GDPR’s obligations?
Under Article 6 of the European Union’s GDPR there is an obligation to ensure that you have lawful grounds to process personal data. The regulation defines six legal grounds for processing personal data: the individual’s consent, compliance with a legal obligation, performance of a contract, the public interest, legitimate interests and protection of vital interests. It has therefore become essential for organizations to follow the required norms to ensure protection of their employees’ personal data, as required by the GDPR.
SAP SuccessFactors has always given the highest priority to data protection and, following GDPR, has made it an integral part of its products and services (as per the new requirements). SAP SuccessFactors (and its strategic partners) have developed their capabilities to become GDPR compliant and are ready to help organizations by offering a wide range of integrated data management and governance, risk, and compliance (GRC) solutions covering the entire SAP SuccessFactors ecosystem. They are committed to streamlining and automating the processes of your existing business setup.
SAP SuccessFactors product features already support compliance with many GDPR requirements. These features include product documentation, product-specific role and rights logic, retention and deletion functionalities, consent management inherent in the systems, as well as product-specific capabilities that represent technical and organizational measures to protect personal data, including encryption.
In addition to GDPR requirements, SAP SuccessFactors has updated certain features to protect sensitive data of employees, candidates and its customers. The updated features include:
- Consent Management: This feature can be used throughout the consent management process, from configuring and managing consents and acceptance of statements to auditing the responses provided by individuals.
- Data Blocking: This feature can be used to restrict access to historical personal data within the retention period. It allows one user role to retain access to the data while blocking access for others.
- Data Subject Information Reporting: This feature enables individuals to know what personal data their organisation stores about them at any given time, and helps in generating reports of an individual’s personal data from across an organisation’s SAP SuccessFactors platform.
- Data Purge: The data purge feature permanently deletes data once there is no longer a legal reason to keep it, reducing an organisation’s risk of noncompliance and data breaches as well as meeting the requirements of some data protection and privacy laws, including the GDPR. This feature enables the organisation to define location-specific data retention regulations to meet the needs of specific countries and industries.
SAP SuccessFactors and its partners can help assess your company’s readiness for EU GDPR compliance through their software services and products. With their support, you can analyse and adopt the measures most suitable for you to achieve the mandated compliance. SAP SuccessFactors offers you the latest tools and capabilities, helps you drive your GDPR compliance journey, blocks exposure to losses and, most importantly, improves governance within your organization.
Should you need any further information on how SAP SuccessFactors can be leveraged to drive your GDPR agenda, please reach out to Irene Jones, who will route you to our SAP SuccessFactors GDPR Compliance Specialists.