GDPR: More Than Data Management, It’s About Governance

Neil Patrick

As you know, the General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679, is the revision to the European Union (EU) data protection law that becomes enforceable on May, 25 2018. Lately, I’ve been noticing that several software solutions and presentations focus on the data management aspects of GDPR—the “consent, deleting, blocking, retention” spectrum of GDPR compliance. Of course, this is necessary, and a good starting point.

However, the challenge posed to companies by GDPR is more about the organisational and procedural changes that will be necessary to demonstrate that a company is taking seriously the need to protect personal data as a business-as-usual regime through all echelons of stakeholders, operations, technology, and partnerships.

GDPR: It’s complicated

The figure below indicates why this is necessary. It shows the complexity of GDPR by linking interrelationships between the 99 articles in the regulation.

Almost half of the articles in GDPR are related to business procedures associated with policies, record-keeping, and accountabilities of roles and entities in order to demonstrate that a company’s approach to handling personal data is taken as seriously as the regulation requires.

Processing shall be lawful only if the data subject has given consent to processing of personal data (or one of the other five reasons) for a specific purpose, and each purpose must be distinct. Each data-processing activity must connect to a purpose that has a finite business scope, specific lawful reasons for conducting it, and a finite lifetime.

The fact that so many of the articles reference each other indicates the need for robust, enterprise-ready, holistic policy and process compliance software to address this plate of regulatory spaghetti. The governance is a challenge.

Why GDPR is a bit like wiretapping

Let me use wiretapping as a topical analogy to separate the technical from the  governance aspects.

Conducting modern wiretapping is a technical task requiring modern technology, leading-edge software, and smart and experienced people. This is the equivalent of the data-play conversation in GDPR: how to tag data, delete data, block access to it, archive it with legal retention periods, and so on.

However, the parallel activity—and many would argue a more important aspect—is the actual governance of wiretapping. This governance includes whether a wiretapping should take place, who approves it, what is the duration and scope, and what levels of intrusion are acceptable. This is the equivalent of the governance of GDPR, or the meat that the supervising authorities will want to pick over as evidence of compliance.

The controller’s responsibilities

GDPR Article 5 Chapter 2 requires that “the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”

I was talking to someone recently who picked out Article 30 as a troublesome area. To help me understand it, I created a mind-map diagram that spells out in detail the record-keeping requirements of processors and controllers.

Data processors now have direct obligations, like controllers. They must maintain a written record of the processing categories carried out on behalf of each controller, and notify each controller as they become aware of a data breach without undue delay.

Controllers must maintain a written record of processing activities.

So as in the wiretapping analogy, it’s not enough to be able to technically achieve the requirement. Tight governance must be maintained on how the task is managed.

Compliance must be done, and be seen as done

The governance complexity becomes an almost exponential equation:

  • Multiply these duties by number of purposes (with dates when they expire), business activities, and new initiatives
  • Factor in business units engaged in all or parts of these activities
  • Add software systems that deliver the content and analysis
  • And finally, consider categories of data subjects, categories of processing, post-processing retention requirements, subprocessors, and relevant contact people.

Companies need to document all of these and be able to show  evidence to the regulator. In other words, the governance expectations of data controllers and data processors is significant. And this is really why companies have been given two years to implement GDPR—because to demonstrate compliance with the regulation (and avoid the eye-watering fines), an organisation must show ongoing and systematic accountability, good governance, and sustainable procedures to the regulator.

Learn more

Follow this link for more information on control monitoring and risk management.

This article, GRC Tuesdays: GDPR Is about More Than Data Management, It’s about Governance, originally appeared on the SAP BusinessObjects Analytics blog and is republished by permission.

Follow SAP Finance online: @SAPFinance (Twitter)|LinkedIn|Facebook|YouTube


Neil Patrick

About Neil Patrick

Dr. Neil Patrick is a Director of SAP Centre of Excellence for GRC & Security covering EMEA. He has over 12 years’ experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in the UK and USA, conducted customer business requirements sessions around the world, and sales and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.

Transformation Ahead, Part 2: 10 Trends Shaping The Future Of Finance

Randy Garrison

Part 2 of the 4-part “Transformation Ahead” series

I am seeing several key trends that are poised to make a major impact on the future of the finance organization. As I wrote in the first blog in this series, CFOs must be prepared to adapt to these changes, beginning with Trend #1: the evolving role of finance in supporting and executing business strategy. 

Following are three additional trends that CFOs should consider, along with examples of leading finance organizations that have embraced change in these areas.

Trend 2. Finance organizations will implement finance platforms, not ERP software.

The introduction of in-memory database technology allows businesses to gain insight from massive volumes of data while using systems for both transactional and analytical purposes. Thanks to these developments, financial ledgers are becoming data platforms for both transactional and analytical processing.

Platforms are being delivered with additional intellectual property as add-on capabilities. For example, professional service firms such as PwC, Deloitte, Ernst & Young, and Accenture are including their IP into applications built on SAP Cloud Platform. By extending the original capabilities of the platform around tax optimization or profitability analysis, this IP will broaden the choice of solutions and increase the speed and depth of functionality for finance organization.

When choosing financial solutions, executives must consider the openness of the platform and the availability of these advanced capabilities. CFOs should look beyond the immediate product features and functions and choose a financial solution based on the strength of a vendor’s platform and ecosystem.

Trend 3. Critical financial processes will be highly automated.

“Lights-out finance” will be part of every CFO’s future. Accounting that runs 24/7, using technologies such as artificial intelligence, will allow nearly full automation in traditional processes such as record-to-report, procure-to-pay, and order-to-cash. The need for shared service centers will shrink dramatically, allowing companies to redeploy scarce human capital to support high-value-added activities. Business networks will also digitize the information flow between companies and suppliers without breaks.

At SAP, revamping our finance processes helped us steer business model innovation beyond ERP. We have implemented several automated technologies that reduced the percentage of expenses dedicated to back-office, transactional costs from 65% to 40%. Automation also helped us lower the cost of finance as a percentage of revenue.

Trend 4. Finance will own true enterprise risk management.

Considering the incredibly high stakes of failure, it’s not surprising that finance would become the owner of enterprise risk management. Fortunately for CFOs, technology is increasingly enabling enhanced insight into the organization, removing silos and creating a true enterprise-wide view of the business that supports risk mitigation.

As this technology matures, proactive risk management strategies will become common, and they will be driven by requirements at the supervisory board level. This will not be limited to an enterprise view. As business networks become increasingly prominent, the view of enterprise risk management will extend throughout a company’s ecosystem, further enhancing capabilities in this critical area.

In my next blog, I’ll look at analytics, continuous processes, and automation – major developments that will disrupt finance. You can read more about finance solutions at

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Randy Garrison

About Randy Garrison

Randy Garrison is vice president, Global Line of Business Finance and Head of Value Advisory at SAP. The LoB Finance organization is responsible for the full suite of SAP solutions for the Office of the CFO.

Randy has held several roles at SAP, most recently in leadership within SAP’s Services business. In these roles, he has led both large and small teams focused on analytics strategy, data strategy, business transformation, Big Data, and so on, focused on the implementation, adoption, and value realization of SAP’s products.

Randy is a Certified Public Accountant, Certified Management Accountant, Chartered Global Management Accountant, and a member of the AICPA and the Institute of Management Accountants.

He is married with five children ranging in age from 32 to 7 years old. Personal interests include golf, hot air ballooning, anything the kids do.

Rise Of The Digital Conglomerate In Asia

Koert Breebaart and Scott Russell

Asia’s conglomerates are at an inflection point. From South Korea’s chaebols and Japan’s keiretsu to India’s business houses and Southeast Asia’s family-owned multinationals, these large groups have exceptional track records of success. However, they now find themselves competing for customers, capital, and talent in a very different and globalised environment.

Despite most Asian conglomerates working hard to improve operational efficiency and the quality of their products and services, new challengers – including agile online retailers such as Alibaba and Amazon, and global digital-powered entities like Google and Tesla – are fast disrupting markets, with new ways of selling and making decisions. Conglomerates face a stark choice: disrupt or be disrupted.

At the same time, rapid technical and social innovation is highlighting the need for continuous innovation. As technology plays a bigger role in their day-to-day lives, consumers want to shop for products and services that are personalised, transparent, convenient, and available on demand. Customer expectations, in other words, have never been higher.

Global market trends are also inescapable. With prices for commodities such as oil and minerals fluctuating, many Asian conglomerates are under pressure to reimagine their business models to open new revenue and profit sources as old ones close.

Some conglomerates have already adapted, successfully deploying digital technology to engage in new ways with customers, streamline operations, and optimise business outcomes. However, many are still yet to transform their operations for the digital age. To maintain and grow their competitive edge, Asian conglomerates should consider transforming key aspects of the business value chain by:

  • Evolving customer engagement and commerce to drive growth
  • Enhancing workforce engagement across employees and contractors to drive profit
  • Enabling superior business and supplier collaboration to drive down spend across direct materials, indirect spend, and travel
  • Optimizing the extended supply chain by harnessing the Internet of Things (IoT) to better connect assets, products, and equipment – increasing cost savings and enhance the customer experience
  • Providing real-time intelligent insights by bringing together business transactions and insights to drive more informed decision-making

Download our white paper “Rise of the Digital Conglomerate In Asia” to learn more. If you are interested, we are happy to demonstrate how SAP is uniquely positioned to help you with a powerful end-to-end enterprise platform, capable of digitising every business process across 25 industries. 


Koert Breebaart

About Koert Breebaart

Koert Breebaart is the Digital Leader and Vice President for the Conglomerates Industry Business Unit at SAP (Asia-Pacific and Japan). He leads the industry through value management, customer co-innovation, digital transformation, and business process performance improvement programs by developing road maps, reimagining business models, and reducing costs with digital technologies. On top of his expertise, Koert is also a passionate writer who consistently pens his thoughts and experiences in articles. He is the author of the book “5 Steps to Customer Centricity,” and the Director of the short documentary “Social Entrepreneurs: New Heroes of the 21st Century.”

Scott Russell

About Scott Russell

Scott Russell is the President and Managing Director for SAP Southeast Asia (SEA). Russell is responsible for business strategy, operations, P&L, and sustainable growth for SAP across SEA. He leads high-performing teams across Singapore, Malaysia, Thailand, Indonesia, Philippines, Vietnam and other emerging markets in SEA. Russell has more than 20 years of experience in the IT industry spanning across software, cloud and services. Russell has helped hundreds of companies leverage leading enterprise software including cloud solutions and providing expert guidance to achieve their business goals. Before joining SAP, Russell was with IBM Global Business Services, where he led the Systems Integration and Application Maintenance business for IBM Australia New Zealand and the Managing Partner for IBM in Thailand and Vietnam previously to that. Russell is also a respected thought leader and a regular speaker at seminars and conferences, including the World Economic Forum on ASEAN and Bloomberg ASEAN Business Summit. He has been featured in numerous media, including CNBC, Bloomberg TV, Channel NewsAsia, Nikkei Asian Review, Business Insider, Business Times and many others. Russell is passionate about helping companies leverage technology innovation by converting business strategy into successful execution with cloud and software solutions.

Human Skills for the Digital Future

Dan Wellers and Kai Goerlich

Technology Evolves.
So Must We.

Technology replacing human effort is as old as the first stone axe, and so is the disruption it creates.
Thanks to deep learning and other advances in AI, machine learning is catching up to the human mind faster than expected.
How do we maintain our value in a world in which AI can perform many high-value tasks?

Uniquely Human Abilities

AI is excellent at automating routine knowledge work and generating new insights from existing data — but humans know what they don’t know.

We’re driven to explore, try new and risky things, and make a difference.
We deduce the existence of information we don’t yet know about.
We imagine radical new business models, products, and opportunities.
We have creativity, imagination, humor, ethics, persistence, and critical thinking.

There’s Nothing Soft About “Soft Skills”

To stay ahead of AI in an increasingly automated world, we need to start cultivating our most human abilities on a societal level. There’s nothing soft about these skills, and we can’t afford to leave them to chance.

We must revamp how and what we teach to nurture the critical skills of passion, curiosity, imagination, creativity, critical thinking, and persistence. In the era of AI, no one will be able to thrive without these abilities, and most people will need help acquiring and improving them.

Anything artificial intelligence does has to fit into a human-centered value system that takes our unique abilities into account. While we help AI get more powerful, we need to get better at being human.

Download the executive brief Human Skills for the Digital Future.

Read the full article The Human Factor in an AI Future.


Dan Wellers

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation.

Share your thoughts with Kai on Twitter @KaiGoe.heif Futu


Finance And HR: Friends Or Foes? Shifting To A Collaborative Mindset

Richard McLean

Part 1 in the 3-part “Finance and HR Collaboration” series

In my last blog, I challenged you to think of collaboration as the next killer app, citing a recent study by Oxford Economics sponsored by SAP. The study clearly explains how corporate performance improves when finance actively engages in collaboration with other business functions.

As a case in point, consider finance and HR. Both are being called on to work more collaboratively with each other – and the broader business – to help achieve a shared vision for the company. In most organizations, both have undergone a transformation to extend beyond operational tasks and adopt a more strategic focus, opening the door to more collaboration. As such, both have assumed three very important roles in the company – business partner, change agent, and steward. In this post, I’ll illustrate how collaboration can enable HR and finance to be more effective business partners.

Making the transition to focus on broader business objectives

My colleague Renata Janini Dohmen, senior vice president of HR for SAP Asia Pacific Japan, credits a changing mindset for both finance and HR as key to enabling the transition away from our traditional roles to be more collaborative. She says, “For a long time, people in HR and finance were seen as opponents. HR was focused on employees and how to motivate, encourage, and cheer on the workforce. Finance looked at the numbers and was a lot more cautious and possibly more skeptical in terms of making an investment. Today, both areas have made the transition to take on a more holistic perspective. We are pursuing strategies and approaching decisions based on what delivers the best return on investment for the company’s assets, whether those assets are monetary or non-monetary. This mindset shift plays a key role in how finance and HR execute the strategic imperatives of the company,” she notes.

Viewing joint decisions from a completely different lens

I agree with Renata. This mindset change has certainly impacted the way I make decisions. If I’m just focused on controlling costs and assessing expenditures, I’ll evaluate programs and ideas quite differently than if I’m thinking about the big picture.

For example, there’s an HR manager in our organization who runs Compensation and Benefits. She approaches me regularly with great ideas. But those ideas cost money. In the past, I was probably more inclined to look at those conversations from a tactical perspective. It was easy for me to simply say, “No, we can’t afford it.”

Now I look at her ideas from a more strategic perspective. I think, “What do we want our culture to be in the years ahead? Are the benefits packages she is proposing perhaps the right ones to get us there? Are they family friendly? Are they relevant for people in today’s world? Will they make us an employer of choice?” I quite enjoy the rich conversations we have about the impact of compensation and benefits design on the culture we want to create. Now, I see our relationship as much more collaborative and jointly invested in attracting and retaining the best people who will ultimately deliver on the company strategy. It’s a completely different lens.

Defining how finance and HR align to the company strategy

Renata and I believe that greater collaboration between finance and HR is a critical success factor. How can your organization achieve this shift? “Once the organization has clearly defined what role finance and HR must play and how they fundamentally align to the company strategy, then it’s more natural to structure them in a way to support such transformation,” Renata explains.

Technology plays an important role in our ability to successfully collaborate. Looking back, finance and HR were heavily focused on our own operational areas because everything we did tended to consume more time – just keeping the lights on and taking care of our basic responsibilities. Now, through a more efficient operating model with shared services, standard operating procedures, and automation, we can both be more business-focused and integrated. As a result, we’re able to collaborate in more meaningful ways to have a positive impact on business outcomes.

In our next blog, we’ll look at how finance and HR can work together as agents of change.

For a deeper dive, download the Oxford Economics study sponsored by SAP.

Follow SAP Finance online: @SAPFinance (Twitter)LinkedIn | FacebookYouTube


Richard McLean

About Richard McLean

Richard McLean, regional CFO for SAP Asia Pacific Japan, oversees all key finance and administrative functions for field and regional headquarters, supporting more than 16,000 employees. He has more than 20 years of experience in senior finance roles with leading global companies across a range of industries, including financial services, investment banking, automotive, and IT. He joined SAP in 2008.