
EU GDPR and Big Data

The trend in IT is clearly pointing in the direction of IoT, Industry 4.0 and the processing of huge volumes of data in in-memory databases - as with Hana. The requirements of the EU Data Protection Regulation must be taken into account right from the start.
Christian Ruoff, SEP
8 February 2018
IT Security
This text has been automatically translated from German to English.

The good news first: Even with the EU GDPR, new technologies do not have to be abandoned. However, Big Data, Industry 4.0 and AI must be planned down to the last detail from the outset in terms of international data protection law.

In particular, the new obligations regarding "privacy by design/default" and the mandatory data protection impact assessment (DPIA) must be taken into account. This is because the data protection-relevant actions to which the EU GDPR applies almost always involve the collection, processing and use of personal data.

This means that the entire data processing value chain is subject to data protection laws, from generation/collection to deletion. This has been concretized and tightened with the new regulation - in particular the rights to be forgotten, data rectification, erasure, blocking and data portability, as well as the obligation to notify data protection breaches.

The documentation requirements will be significantly expanded and extended to the processor in the future. The EU GDPR also extends the applicability of EU data protection regulations to processors and their clients in third countries.

Another new aspect is that in the future, data processors can be held (jointly) liable for data protection violations in the course of their commissioned data processing. The EU GDPR affects all companies that do business from the EU or maintain business relationships in the EU or collect, process and store (have stored) their data in EU member states, i.e. also companies or organizations based outside the EU.

For the design of Big Data, AI and digitization processes, further determining principles of EU data protection law must be taken into account, namely the fundamental prohibition on processing personal data unless it is permitted (prohibition with reservation of permission), the purpose limitation principle and the need for a justification (law, consent).

This means that using data, once available, for other purposes, merging it with data from other sources, or any change of purpose requires a new, additional justification.

This often leads to problems in these processes, as data must be torn from its original purpose context, merged, restructured and analyzed, and thus put to new uses.

Individual consent does not appear practicable here. Consent would only be effective if it was declared on a sufficiently informed basis and complied with the provisions of the law governing general terms and conditions, in particular the transparency requirement.

Another drawback is that consent can be revoked at any time. If legal justifications are available, these should be used. Alternatively, contract management would be required to ensure that the respective data processing is necessary for the initiation and fulfillment of a contract with the data subject(s), so that an appropriate design of the contractual relationships is the second means of choice. Only if and insofar as legal justifications do not apply should the instrument of consent be used.

Another important point is that the data must also be processed securely. This requires an appropriate data protection concept that also includes data backup. Here, the backup solution should be certified for the applications, as is the case with SEP for SAP applications in particular. This ensures that the original manufacturer support is not lost.

The new regulation is thus intended to provide greater protection for personal data in particular, which naturally goes hand in hand with a stricter strategic orientation for data processing. Even though it appears to be more complicated, processing of personal data is still possible, just more carefully than has usually been the case up to now.

 


Christian Ruoff is Head of Business Development at SEP

