The General Data Protection Regulation (GDPR) aims to protect all EU citizens from privacy and data breaches and will reshape the way organizations across the globe approach data privacy. As of May 2018, these regulations will be directly applicable in all EU and European Economic Area (EEA) member states.
While GDPR does not introduce many substantially new concepts, it does increase the compliance requirements on controllers (someone who determines the purposes and means of processing personal data) and on processors (someone who processes personal data on behalf of the controller).
Organizations found in breach of the regulation can expect fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to insolvency, and thus it is no surprise that GDPR is one of the issues keeping executives up at night. In today’s data-driven economy, the question on many people’s minds is how to use business data without violating data privacy regulations.
Data protection has always been a key component of SAP’s product standards, and we are constantly adapting those standards to reflect the new requirements brought in by GDPR and other data protection regulations around the world. We are committed to ensure compliance with the GDPR as a company by May 2018, as well as to develop our products to support our customers in applying applicable GDPR requirements to the fullest extent possible.
Getting to grips with data protection challenges
We have all heard by now that data is to this century what oil was to the last one: a growth driver. Companies today have massive amounts of data, but often, privacy concerns and the related legislation prevent them from using it. Just imagine what would be possible if you could analyze this data effectively while at the same time still ensuring and protecting privacy. You could identify patterns and trends and derive valuable insights, which in turn would lead to more informed decision making and new or improved business processes, models, and use cases.
For SAP HANA, our in-memory database and application development platform, we are working on developing a new customizable functionality that will allow customers to both anonymize live data and provide an anonymized view of live data in SAP HANA. Our vision is that companies will be able to protect sensitive data while still gaining valid statistical insights. At the same time, we are exploring a variety of different new data-centric analytic use cases on SAP HANA that will be able to use sensitive data while still complying with all the relevant privacy regulations. They range from telemetry and the Internet of Things, research, and data-as-a-service to benchmarking and archiving – and all without violating compliance/data protection regulations.
Let me give you some examples: Applications for car fleet management can help collect, map, store, and analyze vehicle and sensor data in real time. They could also provide aggregated statistics about a fleet based on telemetry data that is collected and stored per vehicle, such as position, speed, and fuel consumption. However, the use of this data for the purpose of such evaluations is restricted due to the privacy concerns of drivers and other stakeholders. Accessing this telemetry data through an anonymization layer would make this kind of evaluation possible without violating the individual driver’s privacy. New state-of-the-art anonymization methods ensure that analytics on the anonymized data still provide valuable analytical results. This makes previously impossible use cases possible – unlocking the true value of your data.
Or think about machine learning. Today, data is collected from an increasing variety of sources and the analytics applied are becoming more and more complex. While there are many benefits to be gained from these types of processing operations, when personal data is involved there are obviously implications for privacy and data protection. Anonymized correctly, companies can derive valuable insights and create added value.
Or did you know that you can keep personal data only for a limited period of time due to privacy laws? After that period of time, the personal data must be deleted. Anonymization, however, allows you to continue using the data for further analysis without compromising the privacy of individuals or violating privacy regulations.
Interested in finding out more? Then register for our free trial web service on SAP Cloud Platform that allows you to test our state-of-the-art anonymization methods yourself. The web service is independent of SAP HANA itself and free of charge. Customers can use it to try out the anonymization methods, let us know what they think, and we will make sure this feedback is included in the SAP HANA core implementation functionality.
Building a sustainable data protection foundation
Data anonymization goes beyond existing security functionality like masking and complements SAP HANA’s comprehensive security capabilities, allowing companies to stay in complete control of their data over the course of their digital transformation journey. In alignment with “Innovate with Confidence”, our mission statement for SAP HANA security, it allows companies to:
There is no doubt that new regulations will continue to increase the pressure on businesses to ensure data privacy, and the GDPR is just one example. With security and compliance being part of our core business, and data security and protection part of our DNA, SAP was, is, and remains your reliable partner for all your business challenges – now and in the future.
SAP HANA @ SAP TechEd Barcelona
Wednesday (Nov 15) from 2:30p.m.–3:30p.m.
SAP HANA: Delivering a Modern Data Framework
SVP Database & Data Management GTM and Innovation
Tuesday, November 14
Wednesday, November 15
Thursday, November 16