Is your SAP Hybris C4C Solution GDPR ready…or not?

26 January 2018

Ankur Godre

Senior SAP C/4HANA Solutions Architect

Technology and its applications are changing at unimaginable speeds and so are the ways businesses operate. As a result, personal data usage has skyrocketed and become a tradeable commodity. Current European data protection laws are being strengthened with a new set of regulations. Is your SAP Hybris C4C Solution GDPR ready…or not?

The General Data Protection Regulation for Data Privacy (GDPR) is the latest change that will soon be enforced. As Kevin Turnbull covers here, it will have varied impacts, including on what, how, and when data is stored and retrieved.

Before we get into the detail, here’s a reminder of important dates: 

Date of GDPR Approval by EU parliament: 14th April 2016
GDPR Enforcement Date: 25th May 2018

If the basics of GDPR still perplex you, then get the facts here: GDPR is coming. Is your SAP environment ready?


GDPR in the context of customer engagement 

GDPR is all about citizens’ data, which will be stored in various forms across a variety of IT applications and systems. As a result, it becomes even more crucial for all organizations that run and maintain applications to be well prepared and to devise means of complying with the GDPR regulation.

Since this data falls under the 'Personal Data' compliance part of GDPR, it is vital for organizations using SAP Hybris Cloud for Customer (Hybris C4C) to protect this data and ensure they are compliant with GDPR, ultimately safeguarding against paying heavy penalties for noncompliance.


How does Hybris C4C align to GDPR?

Hybris C4C has a solid framework to handle most of the common requirements of the GDPR regulation. When it comes to data regulation and compliance, there are two key aspects:
  • Data privacy - the collection and disposal of any data which is construed as private, confidential, or sensitive.
  • Data security - the framework of measures implemented to protect or secure the data which is considered private, confidential, or sensitive.
Let’s look at the tools and capabilities available within Hybris C4C to comply with GDPR:

System security asset management & audits
Since SAP cloud solutions deal with business data from your core business processes, SAP adheres to the highest security and quality requirements, industry-leading asset management practices, and audit certifications. Read details about SAP cloud security management here: SAP Cloud Trust Center.

Communication channels and protocols
Hybris C4C uses the most secure HTTPS and SMTP protocols for transmitting application data, user credentials, and confidential data. For all inbound communications, TLS 1.0 or higher is required.

Secure login
Hybris C4C does not support anonymous access; it forces every user to authenticate themselves before accessing the application. 

Business roles and user access management
Hybris C4C specifies ‘business roles’, where users are assigned relevant access based on their job function within an organization. The business roles can be further customized to restrict access to certain WorkCenters (WC)/WorkCenter Views (WCV).

Data privacy management
This capability is the most directly relevant to GDPR, since it provides direct measures to handle data privacy. Discover more on Data Privacy Management in Hybris C4C here.

The essential piece in all of this is that organizations need to identify and assign the right individual to be responsible for performing these tasks, given the access this person will have to highly confidential personal data.
 

GDPR requirements covered in SAP Hybris C4C

 


Still on SAP CRM on-premise? Here’s a thought

Given the changes in the underlying technology, platforms, compliance and regulations, it’s now time for CRM on-premise customers to reconsider their investment. There is a need to re-evaluate the pros and cons of continuing to use it against moving to a more advanced solution, which is aligned with GDPR on an agile cloud platform: namely, Hybris C4C.

The question is: how long will these customers take to transition their old landscapes to the latest ones? Early adopters always have an edge over competitors; it’s not just about moving quickly, but also about making decisions based on the long-term implications for the market they are operating in.

The bottom line is that customers’ technology landscapes need to be road mapped to ensure they stay one step ahead of their competitors and compliance!

 