Written by: Thierry Julien, @thjulien.
The implementation of GDPR on ERP systems is complex, to put it mildly. It is a building block of the GDPR that is often overlooked and then forgotten.
No-one is supposed to ignore the law!
An appealing idea?
Or better still, no-one is supposed to ignore the law.
- Citizens may be satisfied with the Civil Code and the Penal Code.
- The property owning citizen will have to incorporate real estate law.
- The employee and the entrepreneur will have tax law at heart.
- The entrepreneur will be interested in commercial law, and often international law as well.
With the GDPR, data law is still evolving. The retention periods for personal data have become a hot topic of conversation, but certain rights take precedence. Therefore, it has become necessary not to overlook a legal obligation before getting started.
Are we truly aware of the rights that apply to us? In the digital field, for example, platforms’ responsibility is based on the following rights: Banking Law, Tax Law, Self-Employment Law, Press Law, Fake News Law, Competition Law, Personal Data Law and Consumer Law. If I have forgotten any, I do apologise.
To sum up, the rights are numerous, not necessarily compatible, and mostly national.
For example, the idea that a GDPR project in your SAP system will enable you to reduce almost all the data after 2 to 3 years, on the pretext that your business processes are mostly completed by that time, means opening up a credit line on your account for the administration.
In contrast, retaining information to be able to respond to a tax audit or a particular obligation, even if access to it is limited, is effective leverage.
Defining a reasonable and rational boundary is one of the key success factors. An approach to operational compliance will be more effective if it starts with an initial assessment, which will reduce the project scope by avoiding what is not a source of risk and identifying what justifies retention.
This is the essence of TJC’s approach to implementing GDPR solutions on SAP systems.