In this digital age , personal data about customers , contacts and other business partners(like employees) is one of the most valuable asset for an organization.

In the midst of this digital revolution , data protection regulations have entered a period of unprecedented change .

It is now imperative for any organization to seriously evaluate data protection & privacy relevant processes and tools .

One of the most talked about data protection regulations, which will come into effect in 2018, is GDPR . Let us understand more about GDPR and how SAP Hybris Cloud for Customer can help you comply with GDPR.

What is GDPR :

• The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulationby which the European Parliament, the European Counciland the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU Data Privacy Solution.[Source : Wikipedia]


• The regulation applies if the data controller (organization that collects data from EU residents) or data processor ( organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore the Regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.

What are the implications of Non - compliance :- Penalties up to 4% of annual global revenue or €20 million whichever is greater.

Who must Comply :- Organizations that offer goods or services to, or monitor the behavior of, EU data subjects and those that process or hold the personal data of EU residents.

In the context of this blog data controller will be the organization implementing SAP Hybris Cloud for Customer and data processor will be the solution ,which in the current context, i.e. SAP Hybris Cloud for Customer.

Some points to keep in mind regarding the key roles of Data controller and Data Processor .

Data Controller :- 

1. In general no personal data must be stored without purpose and/or explicit consent. Therefore data controller will have to decide on questions like which data is needed? how to capture consent? what are the retention periods for data and more.


2. It is the data controller’s responsibility to adopt measures that the controller deems appropriate to achieve GDPR compliance.

 

Data Processor

1. Data processor or SAP Hybris Cloud for Customer offers a wide range of tools to support the organizational rules defined by data controller to enable them to comply with regulation such as GDPR . Data controller has to decide and define these rules.


2. Data processor manages & controls access to data privacy relevant master and transactions data for individual customers, contacts and employees and make it accessible.

 



 



Now let us better understand how SAP Hybris Cloud for Customer can help you as a data controller to comply with GDPR .

SAP Hybris Cloud for Customer provides the following tool since many releases to help you configure and execute on your data privacy related policies .

With Cloud for customer your data privacy protection and privacy office will be able to use the following tools :-

• User Authorization using business role configuration:- Ensure that only those sales and service representatives have access to the personal or sensitive personal data of your customers & business partners, which is needed for relevant & justifiable business processes .

you can explore more about business role definition by watching this video



Cloud for customer also offers the possibility to create page layouts to help you define and configure which attributes and entities of a customer record should a business user visualize.

Please watch the video to know more about page layout

• Change Log : Access and analyse change logs for data especially for individual customers , contacts and employees.

• Dedicated Data Privacy application : A dedicated data privacy work center provides you an overview of the data stored about natural persons (e.g. employee, individual customers ) and the deletion of personal data across business scenarios and documents.


• Configurable Data Retention policies : You can configure minimum retention periods per country in order to block data deletion of business partners .This is crucial due to regularity reasons for example in some countries it is mandatory that all the details of an individual should be retained by the data controller if a sale was made in the past "N" years .

Please refer to this video to explore more about Data Disclosure and Data Removal



With SAP Hybris Cloud for Customer 1711 release it will also be possible for custom BOs linked to individual customer , employee and contacts to participate in data disclosure and deletion process.

please refer to the link for more details  Data Privacy Workcenter view

We will be updating this blog post with details & links on more innovations planned for this topic in upcoming releases.

With 1711 , we have also enabled data disclosure and deletion for custom object . Enable Custom Objects in Data Disclosure and Data Deletion views of Data Privacy Management

Other useful links from SAP on this topic

• GDPR : A closer look at a company's stakeholder and their obligations


• CFO Strategic Webinar Series - A practical approach to preparing for GDPR


• SAP : Data Protection and Privacy Overview


• SAP Global Data Protection and Privacy Policy