Cross-Border Data Transfer and EU Access Service by SAP

Transferring personal data from the European Union (EU), including other countries from the European Economic Area and Switzerland, to a third country typically presents challenges related to meeting data protection requirements.

An example of such requirements is the General Data Protection Regulation (GDPR), Chapter 5, Articles 44-50. The SAP Service and Support portfolio provides a practical solution that can help: the EU Access service from SAP.

The EU Access service from SAP restricts remote data access and data storage to the following countries, which have implemented the EU Data Protection Directive:

Customers from these countries as well as international customers with local affiliates and installations that process data under the EU data protection laws are eligible for the EU Access service from SAP for all SAP SuccessFactors solutions (except for SAP SuccessFactors Recruiting Posting). This service includes the following features:

  • Personal data is processed in EEA based data centers only.
  • Access to customers’ cloud systems and data is only possible from the EEA and Switzerland.
  • The incident process itself remains global, with 24×7 coverage.
  • All service level agreements remain unchanged.
  • An exception procedure is available for temporary deactivation.

Exception Handling

There may be times when support cases need to be processed by a person outside of the countries approved for the EU Access service from SAP. In this case, the specialist will attempt to reproduce the problem in a non-critical system – such as a development system or a system copy with anonymized data. If this is not possible, the “person-in-the-middle” procedure will apply, whereby a specialist outside of Europe will instruct the person in the middle on how to process an issue. Only an SAP employee or approved sub-processor in a country approved for the EU Access service from SAP will be able to act as the person in the middle for your system. The specialist outside of Europe will not be able to access your data stored in the Cloud Service.

If a specialist outside of Europe does need access to your data to address a critical situation that could significantly impact your company, you can request a temporary override of the EU Access service from SAP for a single incident. This request is completely under customer control and needs to be documented in each case in the incident.

All access or attempts to access data of the customer tenant are logged, and customers can request the logging files by opening a ticket.

How to Sign Up

New cloud customers can request EU Access from SAP when signing up with SAP for eligible cloud services. Existing cloud customers can request EU Access from SAP through their SAP account executive.

Learn more about how SAP SuccessFactors can help you prepare for the General Data Protection Regulation here.

Kim Lessley is director of Solution Management, Cloud Security, SAP SuccessFactors