You can also track the completion of your PIA. Once you’ve
captured everything within SAP Process Control, you’ll have a
view on whether any self-assessments have been completed
in their entirety - then you can use the tool to escalate issues
and plan remediation activities where required.
Fig 3: Example ‘Disclosure survey’
Fig 4: Example ‘Data protection impact assessment (DPIA)’
Section 4
GDPR controls, policies & reporting
A key element of GDPR preparation is creating a control framework that helps you demonstrate your ongoing compliance.
With the significant consequences of non-compliance, it’s essential to put a number of controls in place that allow you
to understand whether or not you’re meeting your compliance objectives.
Putting a tool such as SAP GRC Process Control at the heart of your GDPR compliance efforts will also pay dividends
should your organisation be subjected to a compliance audit. By capturing and storing GDPR-related documentation and
controls-related data, you are storing up the information required by the regulator on an ongoing basis. A proactive
approach like this is likely to make your first GDPR compliance audit a lot less painful than it could be.
With so much noise around the General Data Protection Regulation (GDPR) it can be difficult to know where to turn for
guidance. The important thing to remember is that the need for a robust strategy for data protection and controls across your
SAP landscape is nothing new. It’s just that the consequences of managing this badly are becoming much more severe.
However you decide to approach GDPR, the right tools, processes and skill-sets are going to be key. The SAP GRC suite
can help you automate and streamline your approach, yet technology alone will only take you so far. Experience of
designing and implementing security, compliance and data protection strategies in SAP environments is critical. There will
be many self-appointed GDPR experts offering one-size-fits-all solutions to make you compliant. But without a thorough
understanding of the nuances and complexities of your organisation, such attempts would be a wasted investment. Be sure
to tread carefully.
The suggestions outlined in this guide aim to provide some key technology-focused insights to help you in your
journey. But this is by no means an exhaustive set of recommendations. We suggest looking at GDPR readiness through the
lens of people and process too. If you’d like to understand how this could be applied to your organisation, please get in touch.
It works with service providers, audit partners and SAP clients directly to provide the security controls and solutions that safeguard and complement a company’s implementation of an SAP
system. Clients include some of the world’s largest blue-chip companies alongside systems integrators and a number of government agencies.
Head Office
Turnkey Consulting Ltd
58 Ayres Street
London
SE1 1EU