GDPR: More Than Data Management, It’s About Governance

Neil Patrick

As you know, the General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679, is the revision to the European Union (EU) data protection law that becomes enforceable on May, 25 2018. Lately, I’ve been noticing that several software solutions and presentations focus on the data management aspects of GDPR—the “consent, deleting, blocking, retention” spectrum of GDPR compliance. Of course, this is necessary, and a good starting point.

However, the challenge posed to companies by GDPR is more about the organisational and procedural changes that will be necessary to demonstrate that a company is taking seriously the need to protect personal data as a business-as-usual regime through all echelons of stakeholders, operations, technology, and partnerships.

GDPR: It’s complicated

The figure below indicates why this is necessary. It shows the complexity of GDPR by linking interrelationships between the 99 articles in the regulation.

Almost half of the articles in GDPR are related to business procedures associated with policies, record-keeping, and accountabilities of roles and entities in order to demonstrate that a company’s approach to handling personal data is taken as seriously as the regulation requires.

Processing shall be lawful only if the data subject has given consent to processing of personal data (or one of the other five reasons) for a specific purpose, and each purpose must be distinct. Each data-processing activity must connect to a purpose that has a finite business scope, specific lawful reasons for conducting it, and a finite lifetime.

The fact that so many of the articles reference each other indicates the need for robust, enterprise-ready, holistic policy and process compliance software to address this plate of regulatory spaghetti. The governance is a challenge.

Why GDPR is a bit like wiretapping

Let me use wiretapping as a topical analogy to separate the technical from the  governance aspects.

Conducting modern wiretapping is a technical task requiring modern technology, leading-edge software, and smart and experienced people. This is the equivalent of the data-play conversation in GDPR: how to tag data, delete data, block access to it, archive it with legal retention periods, and so on.

However, the parallel activity—and many would argue a more important aspect—is the actual governance of wiretapping. This governance includes whether a wiretapping should take place, who approves it, what is the duration and scope, and what levels of intrusion are acceptable. This is the equivalent of the governance of GDPR, or the meat that the supervising authorities will want to pick over as evidence of compliance.

The controller’s responsibilities

GDPR Article 5 Chapter 2 requires that “the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”

I was talking to someone recently who picked out Article 30 as a troublesome area. To help me understand it, I created a mind-map diagram that spells out in detail the record-keeping requirements of processors and controllers.

Data processors now have direct obligations, like controllers. They must maintain a written record of the processing categories carried out on behalf of each controller, and notify each controller as they become aware of a data breach without undue delay.

Controllers must maintain a written record of processing activities.

So as in the wiretapping analogy, it’s not enough to be able to technically achieve the requirement. Tight governance must be maintained on how the task is managed.

Compliance must be done, and be seen as done

The governance complexity becomes an almost exponential equation:

  • Multiply these duties by number of purposes (with dates when they expire), business activities, and new initiatives
  • Factor in business units engaged in all or parts of these activities
  • Add software systems that deliver the content and analysis
  • And finally, consider categories of data subjects, categories of processing, post-processing retention requirements, subprocessors, and relevant contact people.

Companies need to document all of these and be able to show  evidence to the regulator. In other words, the governance expectations of data controllers and data processors is significant. And this is really why companies have been given two years to implement GDPR—because to demonstrate compliance with the regulation (and avoid the eye-watering fines), an organisation must show ongoing and systematic accountability, good governance, and sustainable procedures to the regulator.

Learn more

Follow this link for more information on control monitoring and risk management.

This article, GRC Tuesdays: GDPR Is about More Than Data Management, It’s about Governance, originally appeared on the SAP BusinessObjects Analytics blog and is republished by permission.

Follow SAP Finance online: @SAPFinance (Twitter)|LinkedIn|Facebook|YouTube


Neil Patrick

About Neil Patrick

Dr. Neil Patrick is a Director of SAP Centre of Excellence for GRC & Security covering EMEA. He has over 12 years’ experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in the UK and USA, conducted customer business requirements sessions around the world, and sales and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.

SAP's Finance Transformation Story

Christian Klein

SAP is one of the largest and most well-established software companies in the world. That said, we still experience the same pressure as other organizations: We need to keep up in this era of digital transformation. Our customers and peers can learn from our progress and success, so we have a responsibility to share our story. For SAP, our digital transformation has meant a continual shift in processes and priorities to meet customer needs.

Our vision

We do this with three key areas of emphasis that must come together in order to be successful. “Right Processes” refers to standardization and simplification of internal processes. “Right Data” means we analyze high-quality data to make informed decisions. We use the “Right Solutions,” our standard technology, to make our transformation real.

We face challenges in our finance department that you may experience, as well. Finance needs to support new business models and sales channels, deal with compliance and inflexible systems, and put pressure to deliver real-time visibility across the organization and efficiency within the finance organization. Our finance transformation story shows how our latest technology supports our transformation.


Life was simpler 15 years ago at SAP. We had a very straightforward, uniform business model, selling software with licenses, associate maintenance, and services. We had a consistent global go-to-market, pricing, and marketing approach that allowed us to decentralize our organizational structure.

Back then, local general managers basically ran integrated subsidiaries. They used a central ERP instance for core processes, and slim consolidation of corporate functions fostered process harmonization, but there were local variations and exceptions.

In 2007, we began a series of acquisitions that necessitated a more centralized model. Now, subscription, consumption, and pay-as-you-go transaction models require new processes and a simplified structure.


For go-to-market units and functions like finance, HR, and marketing, we sought standardization across global lines of business and transactional processes.

Now, local market units have two finance roles: macro steering support for general management and commercial deal support to serve customers. Accounting, IFRS reporting, high-volume business contracting, receivables management, and procure-to-pay are handled in shared service centers, enabling a “follow the sun” approach in our closing process.

The right solution for our internal operations is our own state-of-the-art, in-memory database. We are a frontrunner in implementation of our own tools, proving we can run an end-to-end enterprise at scale on this technology. We create an in-depth feedback loop that ensures that we know early on what is needed to build relevant, mature solutions.

In 2012, we began using the database for pipeline data. That year, general managers no longer needed paper reports. Mobile dashboards allowed real-time reporting, analyzing, and splicing and dicing capabilities.

In 2013, we moved our main systems over to the in-memory database (ERP, business warehouse, CRM, and so on). This was an intense effort because many of our systems were utilizing old setups. We dealt with issues that might sound familiar: Outdated pieces in our systems were interfering with migration.

Early in 2014, we migrated ERP finance and controlling. Cleanup for the previous go-live made this “brownfield” implementation possible.

Powered by in-memory

We are proud of our highly integrated system landscape with reporting from within the transactional system. We get a truly 360-degree view of the company for real-time decision-making, benefitting SAP in three key ways.

Flexibility: Our real-time finance platform is a global single source of truth, allowing aggregation, definition, and analysis of hundreds of granular attributes. Financial and managerial accounting are automatically in sync, and we get immediate, “on the fly” reporting on any device. No time-consuming reconciliations or expensive detours through a business warehouse; steering is now business-centric, not spreadsheet-centric. This is big.

Throughput: The closing process is one example of an improved system throughput. We can now close for the entire group in eight days. Our next forecast therefore starts even earlier. The result is better, quicker access to insights, making us a valuable business partner.

We develop products worldwide in 15 major R&D centers, with chargebacks for all categories and lots of allocations across costs and revenue sides – a huge process for intercompany reconciliation. Before migration, this took 26 hours; now, it takes about four.

Our people in financial planning and analysis spend less time producing reports, instead focusing on value-adding core tasks like data analysis, decision support, and performance improvements.

Productivity: Improved user interfaces provide productivity gains through efficient, simple analytical and transactional applications. When managing working capital, we generate real-time insight into cash collection patterns that may pose a risk, and account executives can use the insight to make alternate payment arrangements with customers. Think about what that means for doing business in volatile environments. We proactively detect risks and mitigate impact through the tightening of payment terms or revenue cycles. We collaborate in ways not possible before, when groups had been working in silos.

Our people

I strongly recommend taking a holistic view of data, system architecture, processes, and people when planning and implementing your full business process redesign and digital transformation. Determining what can be simplified and improved during this process maximizes your effort. Remember – your people will fuel the change, and their skills and experiences can be improved as well.

The cost savings from our software implementation, standardization, and centralization led to a tenfold increased investment in learning and training since 2013. We want to prepare our people and enable them for the success ahead. Automation, simulation, and predictive analytics across devices will continue to empower us.

Thanks to our collective efforts, we save time, money, and headaches – together as “One SAP.”

Learn more

To learn more about leadership in finance, read the Oxford Economics study “How Finance Leadership Pays Off: Six Ways CFOs Stay Ahead of the Pack.” Oxford Economics recently surveyed 1,500 finance executives to understand the attitudes of finance professionals toward the function’s changing requirements and challenges. Listen to the Webinar “How Finance Leadership Pays Off” on demand.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Christian Klein

About Christian Klein

Christian Klein is the chief operating officer and chief controlling officer at SAP. His main focus is ensuring that the SAP organization is stable and ready to deliver for customers and end users, while always simplifying and improving the way it does business. He believes that SAP is successful because the company employs top talent and emphasizes working as “One SAP,” always in the interests of both SAP and of our customers. Christian built his career at SAP, starting as a student and working his way up through a variety of meaningful experiences. In his spare time, he enjoys skiing and and 1. FC Köln - football. Follow him on Twitter: @ChrstnKlein

Collaboration: The Effective Finance Function’s Magic Ingredient

Joan Warner

Part 4 in a series. Read Part 1,  Part 2, and Part 3.

When we set out to study what the most successful finance executives do differently, we determined that regular collaboration with other parts of the organization is a must for what we call “finance leadership.” Our hypothesis: Business performance improves when the finance team exerts widespread influence.

Sure enough, our new research bears this out. In “How Finance Leadership Pays Off: Six Ways CFOs Stay Ahead of the Pack,” SAP partnered with Oxford Economics to survey 1,500 executives across industries and global regions. The select 11.5% of survey respondents who qualified as “finance leaders” work closely with business areas where finance may not traditionally have been highly visible, including functions like marketing, sales, research and development, and customer service. Their involvement in these areas could explain why, among our survey respondents, leaders were more than twice as likely as non-leaders to reported their organization’s market share grew over the past year.

Effective collaboration between finance and other functions is a hallmark of successful businesses. For example, a whopping 87% of companies with 5.1%–10% revenue growth say finance collaborates effectively with IT, vs. 65% of companies with revenue growth below 5%. And three-quarters of the fastest-growing companies report effective collaboration between finance and R&D, compared with 54% in the 0.1%–5% growth group.

“Collaboration is not a ‘nice to have’—it’s a requirement,” says Julian Whitehead, CFO of Airbus Defence and Space. “Clearly, if you want to be in the front end of the business, you’ve got to have a trusting relationship with sales and marketing, you’ve got to be involved with the engineering and operations teams, and you have to have some relationship also with the human resources team.”

The power of analytics

Collaborative finance can have a powerful impact on performance. In fact, we found that 46% of companies with zero or negative revenue and profit growth say an isolated finance function is keeping them from achieving their business goals. That percentage shrinks to 28% among respondents whose revenues are growing by 5.1%–10%.

According to Deloitte Consulting LLP managing director Sam Parikh, who advises organizations on large-scale financial transformation projects, improvements in information technology, especially analytics, are helping finance executives work more closely with their internal customers—the business operating units. CFOs are reaching out and becoming more client-facing, he says. The relationship then becomes mutually beneficial.

“Once the operating units see the power of analysis that finance can provide, they understand the value of the finance function, which in turn allows the CFO to play the strategic role more effectively,” Mr. Parikh explains. “It’s a win-win situation.”

Please click here to explore the full study, and check back with Digitalist Magazine for future blogs featuring more results.


Joan Warner

About Joan Warner

Joan Warner is managing editor and senior analyst for Financial Services at Oxford Economics. Joanie joined Oxford in February 2016 from The Financial Times, where she managed subsidiary publications covering the wealth management industry and corporate governance. Prior to that, she covered international finance and European business for BusinessWeek magazine, where she worked for nearly 20 years. Joanie was also a contributing editor at Institutional Investor and has written and edited reports for Morgan Stanley, McKinsey, PwC, and former hedge fund FrontPoint Partners. She holds an MA in Comparative Literature and a BA in Classics, both from Harvard University.

Taking Learning Back to School

Dan Wellers


Denmark spends most GDP on labor market programs at 3.3%.
The U.S. spends only 0.1% of it’s GDP on adult education and workforce retraining.
The number of post-secondary vocational and training institutions in China more than doubled from 2000 to 2014.
47% of U.S. jobs are at risk for automation.

Our overarching approach to education is top down, inflexible, and front loaded in life, and does not encourage collaboration.

Smartphone apps that gamify learning or deliver lessons in small bits of free time can be effective tools for teaching. However, they don’t address the more pressing issue that the future is digital and those whose skills are outmoded will be left behind.

Many companies have a history of effective partnerships with local schools to expand their talent pool, but these efforts are not designed to change overall systems of learning.

The Question We Must Answer

What will we do when digitization, automation, and artificial intelligence eject vast numbers of people from their current jobs, and they lack the skills needed to find new ones?

Solutions could include:

  • National and multinational adult education programs
  • Greater investment in technical and vocational schools
  • Increased emphasis on apprenticeships
  • Tax incentives for initiatives proven to close skills gaps

We need a broad, systemic approach that breaks businesses, schools, governments, and other organizations that target adult learners out of their silos so they can work together. Chief learning officers (CLOs) can spearhead this approach by working together to create goals, benchmarks, and strategy.

Advancing the field of learning will help every business compete in an increasingly global economy with a tight market for skills. More than this, it will mitigate the workplace risks and challenges inherent in the digital economy, thus positively influencing the future of business itself.

Download the executive brief Taking Learning Back to School.

Read the full article The Future of Learning – Keeping up With The Digital Economy


Dan Wellers

About Dan Wellers

Dan Wellers is the Global Lead of Digital Futures at SAP, which explores how organizations can anticipate the future impact of exponential technologies. Dan has extensive experience in technology marketing and business strategy, plus management, consulting, and sales.


Why Millennials Quit: Understanding A New Workforce

Shelly Kramer

Millennials are like mobile devices: they’re everywhere. You can’t visit a coffee shop without encountering both in large numbers. But after all, who doesn’t like a little caffeine with their connectivity? The point is that you should be paying attention to millennials now more than ever because they have surpassed Boomers and Gen-Xers as the largest generation.

Unfortunately for the workforce, they’re also the generation most likely to quit. Let’s examine a new report that sheds some light on exactly why that is—and what you can do to keep millennial employees working for you longer.

New workforce, new values

Deloitte found that two out of three millennials are expected to leave their current jobs by 2020. The survey also found that a staggering one in four would probably move on in the next year alone.

If you’re a business owner, consider putting four of your millennial employees in a room. Take a look around—one of them will be gone next year. Besides their skills and contributions, you’ve also lost time and resources spent by onboarding and training those employees—a very costly process. According to a new report from XYZ University, turnover costs U.S. companies a whopping $30.5 billion annually.

Let’s take a step back and look at this new workforce with new priorities and values.

Everything about millennials is different, from how to market to them as consumers to how you treat them as employees. The catalyst for this shift is the difference in what they value most. Millennials grew up with technology at their fingertips and are the most highly educated generation to date. Many have delayed marriage and/or parenthood in favor of pursuing their careers, which aren’t always about having a great paycheck (although that helps). Instead, it may be more that the core values of your business (like sustainability, for example) or its mission are the reasons that millennials stick around at the same job or look for opportunities elsewhere. Consider this: How invested are they in their work? Are they bored? What does their work/life balance look like? Do they have advancement opportunities?

Ping-pong tables and bringing your dog to work might be trendy, but they aren’t the solution to retaining a millennial workforce. So why exactly are they quitting? Let’s take a look at the data.

Millennials’ common reasons for quitting

In order to gain more insight into the problem of millennial turnover, XYZ University surveyed more than 500 respondents between the ages of 21 and 34 years old. There was a good mix of men and women, college grads versus high school grads, and entry-level employees versus managers. We’re all dying to know: Why did they quit? Here are the most popular reasons, some in their own words:

  • Millennials are risk-takers. XYZ University attributes this affection for risk taking with the fact that millennials essentially came of age during the recession. Surveyed millennials reported this experience made them wary of spending decades working at one company only to be potentially laid off.
  • They are focused on education. More than one-third of millennials hold college degrees. Those seeking advanced degrees can find themselves struggling to finish school while holding down a job, necessitating odd hours or more than one part-time gig. As a whole, this generation is entering the job market later, with higher degrees and higher debt.
  • They don’t want just any job—they want one that fits. In an age where both startups and seasoned companies are enjoying success, there is no shortage of job opportunities. As such, they’re often looking for one that suits their identity and their goals, not just the one that comes up first in an online search. Interestingly, job fit is often prioritized over job pay for millennials. Don’t forget, if they have to start their own company, they will—the average age for millennial entrepreneurs is 27.
  • They want skills that make them competitive. Many millennials enjoy the challenge that accompanies competition, so wearing many hats at a position is actually a good thing. One millennial journalist who used to work at Forbes reported that millennials want to learn by “being in the trenches, and doing it alongside the people who do it best.”
  • They want to do something that matters. Millennials have grown up with change, both good and bad, so they’re unafraid of making changes in their own lives to pursue careers that align with their desire to make a difference.
  • They prefer flexibility. Technology today means it’s possible to work from essentially anywhere that has an Internet connection, so many millennials expect at least some level of flexibility when it comes to their employer. Working remotely all of the time isn’t feasible for every situation, of course, but millennials expect companies to be flexible enough to allow them to occasionally dictate their own schedules. If they have no say in their workday, that’s a red flag.
  • They’ve got skills—and they want to use them. In the words of a 24-year-old designer, millennials “don’t need to print copies all day.” Many have paid (or are in the midst of paying) for their own education, and they’re ready and willing to put it to work. Most would prefer you leave the smaller tasks to the interns.
  • They got a better offer. Thirty-five percent of respondents to XYZ’s survey said they quit a previous job because they received a better opportunity. That makes sense, especially as recruiting is made simpler by technology. (Hello, LinkedIn.)
  • They seek mentors. Millennials are used to being supervised, as many were raised by what have been dubbed as “helicopter parents.” Receiving support from those in charge is the norm, not the anomaly, for this generation, and they expect that in the workplace, too.

Note that it’s not just XYZ University making this final point about the importance of mentoring. Consider Figures 1 and 2 from Deloitte, proving that millennials with worthwhile mentors report high satisfaction rates in other areas, such as personal development. As you can see, this can trickle down into employee satisfaction and ultimately result in higher retention numbers.

Millennials and Mentors
Figure 1. Source: Deloitte

Figure 2. Source: Deloitte

Failure to . . .

No, not communicate—I would say “engage.” On second thought, communication plays a role in that, too. (Who would have thought “Cool Hand Luke” would be applicable to this conversation?)

Data from a recent Gallup poll reiterates that millennials are “job-hoppers,” also pointing out that most of them—71 percent, to be exact—are either not engaged in or are actively disengaged from the workplace. That’s a striking number, but businesses aren’t without hope. That same Gallup poll found that millennials who reported they are engaged at work were 26 percent less likely than their disengaged counterparts to consider switching jobs, even with a raise of up to 20 percent. That’s huge. Furthermore, if the market improves in the next year, those engaged millennial employees are 64 percent less likely to job-hop than those who report feeling actively disengaged.

What’s next?

I’ve covered a lot in this discussion, but here’s what I hope you will take away: Millennials comprise a majority of the workforce, but they’re changing how you should look at hiring, recruiting, and retention as a whole. What matters to millennials matters to your other generations of employees, too. Mentoring, compensation, flexibility, and engagement have always been important, but thanks to the vocal millennial generation, we’re just now learning exactly how much.

What has been your experience with millennials and turnover? Are you a millennial who has recently left a job or are currently looking for a new position? If so, what are you missing from your current employer, and what are you looking for in a prospective one? Alternatively, if you’re reading this from a company perspective, how do you think your organization stacks up in the hearts and minds of your millennial employees? Do you have plans to do anything differently? I’d love to hear your thoughts.

For more insight on millennials and the workforce, see Multigenerational Workforce? Collaboration Tech Is The Key To Success.