Is S/4 your first major project since GDPR came into effect?

06 November 2019
Written by Paul Hammersley

As Senior Vice-President of the ALM Products at EPI-USE Labs, Paul Hammersley's portfolio includes test data management, landscape optimisation, and archiving. He has been a remarkable technical force in the SAP arena for over 20 years, and has extensive hands-on experience of implementing Data Sync Manager (DSM) and helping clients to manage data across the breadth of their SAP landscapes.

Is S/4 your first major project since GDPR came into effect?
All IT projects must have ‘privacy by design’, and S/4 is on everyone’s horizon

I was recently at SAP Teched 2019 in Barcelona, and of course the message was very heavily ‘Cloud’ and S/4. It was interesting to see some detailed information about very large SAP environments that have now gone to S/4, and also noticeable how many people were present to hear about those. The tipping point seems to have been reached now, and an S/4 project is clearly planned by most SAP customers, if it isn’t already underway.

For many, this will be the first major IT project they’ve undertaken since GDPR came into effect, with its Article 25 - 'Data protection by design and by default'.  If that’s the case, then has privacy been outlined in the planning already? Surely each phase of the plan must have a privacy section to it. There is still an alarming lack of GDPR knowledge in the IT teams at some organisations, but worryingly also at some SIs and software vendors. In a session at Teched, I heard the presenter state categorically that the data subject’s consent must be stored in all cases. The slides they showed fortunately disagreed, but anyone relying solely on the narrative would have been given crucially incorrect guidance. Consent is one of the legal grounds for storing data, but is often referred to as the grounds of last resort, because it may then be taken away at any time, and the organisation must have processes in place to manage such requests. A contractual requirement like delivering a service to someone is a much better legal grounds for processing their data, and does not require their consent beyond their agreement to the contract in the first place.

Innovation for all

Anyway, back to the mother of all upgrades for those of you doing Brownfield S/4 migrations (also known as ‘System conversions’), or an eagerly awaited opportunity to revisit ancient SAP implementation choices for those doing Greenfield S/4 implementations.

I attended an excellent event at our sister company G3G and the CEO Chris Gunther talked, incredibly insightfully (as ever), about the need to not just move to S/4, but to embrace the innovation options it brings in order to help your organisation be successful in this ever more competitive world.

S/4 is the gateway to leveraging machine learning, AI and all the UX capabilities that come built in. I saw an excellent presentation on the upcoming SAP Graph which included a demo of a chat bot amending a delivery date at the behest of the buyer, and it was completed end-to-end without another human's interaction. For SAP customers, this type of capability is light years ahead of what their existing core ERP systems have been doing. But with more functionality comes more security requirements. Just the change to Fiori, as the UI requires significant authorisation changes. And of course data moving seamlessly between different parts of the platform also needs to be governed effectively. Not as exciting as seeing the chat bot succeed, but essential if you wish to release the chat bot into the wild.

Please don’t forget to innovate when it comes to the place of privacy in the project too. It has to be there from the start, and part of the design, to comply with GDPR's Article 25.

GDPR White Paper CTA


  GDPR COMPLIANCE/DATA PRIVACY SUITE DATA REMOVAL SERVICES WEBINAR

 

 

Explore Popular Tags

GDPR Data Privacy Data Security Data Secure GDPR compliance Data Redaction data scrambling Data Redact General Data Protection Regulation POPI Act POPIA SAP Data Security SAP GDPR SAP data privacy and compliance Data Archiving Data Sync Manager Data privacy regulations Right to be forgotten Data privacy compliance GDPR readiness GDPR deadline Personal data SAP SAP security SAP systems GRC for SAP SAP data privacy and security Access Risk management Access risk controls Data Privacy suite Data minimisation Data security breaches Governance, Risk Management and Compliance (GRC) compliance COVID-19 Data privacy by design Risk monitoring SAP data copying and masking SAR Soterion Subject Access Request anonymised data Australian Privacy Act 1988 CCPA Client Sync Data Protection Day Data masking EPI-USE Labs’ solutions European operations Federal Law GDPR fine Guest order ICO May 2018 Object Sync One-time customer Privacy by Design Reducing risk Right to Erasure Risk minimisation S/4HANA Migrations SAP S/4HANA SAP data privacy & security Secure scrambled production data for testing Test Data Management security breach Backlog privacy debt Black Friday Black Friday hangover Black Friday sales Breach Notification Brexit Budget Canada data privacy legislation Cenoti Cloud migrations Confidentiality Consent DSM DSM Readiness Assessment Data Diclose Data Portability Data Removal Data Replication Data Sync Manager (DSM) Data integrity Data privacy assessment Data processor versus controller Data retention rules Documentation Employee data Europe Friday 25 May 2018 GDPR-type legislation GRC GRC for SAP tools General Data Protection HCM HR ILM Information Commissioner’s Office Information transfer Infotype 41 JSOX New Zealand Privacy Act News Online shopping Penalties Personal Data Protection Law (PDPL) Proportional Data Protect personal employee data Removing data in SAP Right to Access Rise with SAP Risk management S4HANA SAP Cloud SAP Data Privacy Suite SAP RISE SAP SuccessFactors SAP access risk simulations SAP data SAP data encryption SOX Sarbanes-Oxley (SOX) legislation Saudi Arabia Security Security for SAP. Live Sensitive HCM data South African data privacy legislation Success Factors Territorial Scope UK Government User Access Review Virtual conference What does the European GDPR mean for Australia? ebook masking rules quality of test data system copy uk sox
+ See More

Get Instant Updates


Leave a Comment: