I have worked in the UK utilities industry for the last 15 years, and I've spent the last ten years using SAP in this industry. For the last year I have worked with EPI-USE Labs in SAP Data and Landscape Management. This is a highly complex industry where vast amounts of personal data have to be stored in order to service the customer effectively, but with this amount of data also comes a strong focus on Data Protection Compliance. Over the next year, we are going to see a large change in the requirements for compliance as the General Data Protection Regulation (GDPR) comes into force on 25 May 2018. There is a lot of information available on GDPR, and as mentioned I am not a lawyer or process expert in your business, so I’m not going to promise you the golden bullet to compliance.
However, I am going to publish a paper every couple of weeks during the coming months focusing on a different area of GDPR, specific to SAP data management. I will cover:
As we at EPI-USE Labs progress with our developments and learning in this area, I will then write subsequent articles detailing what we have found and how we can help.
What is the history behind GDPR?
For the last 19 years, any UK company recording Personal Data of Companies or Customers has had to abide by the principles of the UK Data Protection Act 1998 (created following the 1995 EU Data Protection Directive). I was still attending high school at that time, people were still asking “Jeeves” - Google only just being founded that year, and the DVD format was released in the UK! Technological advancements have made huge leaps towards what we are very used to in our daily lives today in 2017. The UK Data Protection Act 1998 provided requirements for the protection of any personal data relating to living individuals which could identify them, and covered any “processing” of the data, whether computerised or not. However, so much has changed and the volume of data which requires protection has increased exponentially since then - and as such this act is now to be superseded.
Now the European Union has created the General Data Protection Regulation (GDPR), which is live now but needs to be in place and demonstrable by all entities processing secure data by 25 May 2018. Although in legal terms 23 years is not a long time for a law to be in place, with the speed at which technology, social media and consumer habits have changed in this period, the Data Protection Directive became out of date.
What is the difference between the Directive and the Regulation?
The difference between the Directive and the Regulation is that the Directive outlined principles for which each EU member state had to define their own laws; by comparison the Regulation is a strict legal act covering all EU countries which is centrally controlled and enforced. The Regulation continues to enforce the principle that a Person / Company (“Data Subject”) can request to view, change or delete their data, but also stipulates that:
What does this mean to you?
Here are a couple of highlights:
Will you be ready?
At EPI-USE Labs, I work as part of the services team that leverages our unique IP for SAP Landscape and data management. Exciting stuff! Over this series of blogs, I intend to highlight where we can assist you in becoming more GDPR compliant. I will share with you what I learn about GDPR as we take this journey together. If you need any further information, you can subscribe to our "Let's talk Data Security" blog, or contact us on the form below.