GDPR and SAP: Is Compliance Possible in the Public Cloud?
Deadline day is fast approaching. When the EU General Data Protection Regulation (GDPR) enters into force on May 25, 2018, lawyers will already be prepared for action. Companies are at risk of heavy penalties – partially due to the fact that many have underestimated the considerable effort involved in fulfilling the strict legal requirements. This raises the question: What should you be aware of when hosting SAP landscapes in the public cloud?
In today’s world, where scandals concerning the misuse of data are increasingly common, the EU is pursuing a righteous aim by adopting the new GDPR legislation. It aims to protect every EU citizen’s fundamental right to privacy, primarily by protecting personal data. For many companies, ensuring compliance in practice is a huge task; the new regulation and its implications for businesses were neglected for a long time.
As a central component for business IT processes, SAP systems are at the core of the changes that are to be observed under the new data protection legislation. And this raises the question of whether it will remain possible to run the systems in a public cloud such as Amazon Web Services (AWS).
Ensuring Data Protection and Restricting Access
AWS has taken various measures in order to offer solutions in the areas where, as a provider, it is under obligation to adapt to the new regulation. For example, AWS is certified as compliant with the ISO 27018 standard and has a compliance control system. At the same time, AWS has also developed services and features to support its customers in fulfilling the new requirements.
This includes an extensive global data center infrastructure, giving you the freedom to choose which geographic regions your data is stored in. That also enables you to fulfill possible legal requirements concerning data location. Data can be encrypted both in transit and at rest, which, depending on your situation, can provide an appropriate level of security. You can also utilize other technical services, such as multi-factor authentication, certificate and encryption key storage, and firewall services to safeguard your applications.
Protect SAP Applications with NTT DATA Business Solutions
It is important to know that, as an infrastructure and platform service provider, Amazon delivers the technical public cloud environment. These technical options are necessary and serve as the foundations for running SAP applications in the public cloud. Of course, these services alone are not sufficient to ensure GDPR compliance. You still need to make sure that your firewalls are correctly configured, security updates are installed, your customers’ data is processed accurately, and that you possess and document the relevant confirmations. Alternatively, you could outsource these tasks to NTT DATA Business Solutions.
AWS and NTT DATA Business Solutions began a collaboration in October 2017. This means that, as a customer, you can use the GDPR-compliant AWS infrastructure while letting NTT DATA Business Solutions take care of SAP implementation, migration, operation, and monitoring. Global services also include data governance and consultation regarding the operating model. How does an external service provider fit into the data protection requirements? Which applications and data should be migrated to the public cloud and which stay on premises? The answers to these questions can vary from company to company.
If you want to stay on the safe side with minimal internal effort, take a closer look at this offering.