Soccer team in a huddle

SAP SuccessFactors, Data Protection and Privacy, and the GDPR

Feature Article | December 14, 2017 by Greg Tomb

Data protection and privacy in our digital, connected world is taking center stage. Balancing how we continue to innovate, and expand our global product and service offerings, while staying compliant with fast moving changes in the realm of data protection and privacy regulations, is something we are committed to at SAP.


“However fast regulation moves, technology moves faster. Especially as far as data is concerned.”

– Elizabeth Denham, UK Information Commissioner


One of the most highly-topical and significant challenges ahead today is the General Data Protection Regulation or GDPR, which is a huge deal in any company doing business in Europe. Or doing business with any EU citizen, regardless of where the organization is located. The GDPR reminds us that regulations are changing fast, and the fines are steep.

Beyond individual regulations, as far-reaching as they are, data security concerns while processing personal data are right on the doorstep of all of us – think about the recent Equifax data breach where 143 million American consumers’ personal data was exposed, or the breach of confidential data this summer in Sweden that may have disclosed the identities of undercover agents working for the Swedish security service and Swedish police. These and other stories are just a few examples of what’s increasing in frequency and severity.

Our job is to take the worry from you.

Focus on Secure Data

SAP has always focused on compliance and data protection, going back to our 1972 founding. And we continually look for better ways to secure data in transit, at rest, and in use.

SAP SuccessFactors HCM Suite, with its foundational solutions SAP SuccessFactors Employee Central and SAP SuccessFactors Employee Central Payroll, was built with a commitment to lead as a global and localized solution, addressing legal local compliance and practices. To date, our solutions have been localized for 84 countries – with new geographies added every year – and cover 42 languages, a number we also continue to grow. As legal and regulatory changes occur, we own the responsibility of providing ongoing updates across the suite. We have over 30 years of experience delivering globally, and locally compliant, HCM solutions – including 15 years delivering cloud-based HCM applications. We have hundreds of employees in more than 130 countries giving us the ability to stay on top of these ever-changing compliance requirements across the globe.

While GDPR is the latest, and one of the most significant, compliance regulations to gain a lot of press, don’t expect it to be the last. With GDPR, fines are set at four percent of annual global revenue or €20 million … whichever is greater. Clearly most organizations can’t afford that, or the resulting loss of reputation—and the consequence for smaller enterprises may be unrecoverable.

How We’re Helping You Address GDPR

We’re committed to ensuring our customers meet the data privacy and protection challenges, and protect the confidentiality, integrity, and availability of their data in our highly-regulated world. We’ve addressed previous data regulations by standing up Data Center operations in countries like Russia and Brazil, and we’re preparing for GDPR by actively enhancing our products so you’re ready to meet these new requirements and others to come.

Particular areas of enhancement related to GDPR requirements cover consent management, data blocking, data retention and purge, read and edit logging, as well as reporting. We’ll deliver these features—as part of the subscription—during our quarterly SAP SuccessFactors release cycles. A number of features came with our November quarterly release, with many more to come in the February release, ahead of the May 25, 2018 enforcement date.

We’re also planning to introduce the latest of our centers, the SAP SuccessFactors Privacy Center, which will be your one-stop shop for visualizing and managing compliance and regulatory activities. Watch for more news on the Privacy Center in mid-2018.

How else are we helping you based on our current footprint? One way is through our SAP Cloud Trust Center, where we proactively publish information about our certifications and attestations, data processing agreements, and real-time cloud solution availability. We operate 13 data centers around the world, giving you the option of where your data is processed. We also offer the EU Access service to customers who want to ensure that personal data is processed in European data centers only, and that access to your cloud systems and data is only possible from the EU, EEA and Switzerland.

Data protection and security is centered on trust. People want to trust that companies are doing the right things to keep their personal data secure. When we see that an organization has failed to keep data secure and a breach occurs, the impact goes directly to that company’s bottom line – potentially resulting in the loss of customers and employees, drop in share price, and other hazards of a tarnished reputation.

We all have a role to play here. Process and technology go hand in hand in ensuring data is protected. All of us in key roles at organizations impacted by these rules and regulations need to establish internal processes around how to handle personal data along with partnering with a trusted technology provider who can help ease the burden.

You can learn more about how SAP SuccessFactors can help you prepare for the General Data Protection Regulation here.

Greg Tomb is president of SAP SuccessFactors

Tags: , ,

Leave a Reply