Big Data Privacy Risks And The Role Of The GDPR: Part 1

Evelyne Salie

Part 1 of a 2-part series. Read Part 2.

Data privacy concerns anyone using the intra- and internets of our global Big Data community. But many social media and web shop customers, employees, and global organizations aren’t fully aware of the privacy risks their online activity poses. Likewise, many individuals and businesses don’t realize there are actions they can take to guard themselves against the most hazardous risks.

There are two parties prompted to take protective actions by the General Data Protection Regulation (GDPR) —individuals and organizations with global customers coming from the European Union and other countries.

Major privacy threats and their impacts

There are multiple ways that Big Data analytics can invade personal privacy. The inherent risks are:

1. Discrimination: Use predictive analytics for determination on individuals

The use of predictive analytics by the public and private sector can be used by the government and companies to make determinations about our ability to fly, find a job, obtain a clearance, or get a credit card. The use of our associations in predictive analytics to make decisions that have a negative impact on individuals can lead to discrimination.

2. Embarrassment of breaches: Create public awareness by exposing personal information – identity theft

Examples include data breaches at multiple well-known retailers, restaurant chains, online marketplaces, government agencies, universities, online media corporations, and the recent hack that not only put unreleased movies on the web but exposed the personal information of thousands of employees. Also, public awareness about credit card fraud and identity theft is at an all-time high.

3. Abolishment of anonymity: Removing only a few data sets can lead to re-identification

Without rules for anonymized data files, it’s possible to combine data sets. Without first determining if any other data items should be removed prior to combining to protect anonymity, it’s possible that individuals could be re-identified.

4. Government exemptions: Collecting and adding more and more personal information to government databases

As an example, Americans are in more government databases than ever, including that of the FBI, which collects Personally Identifiable Information (PII) including name, any aliases, race, sex, date and place of birth, Social Security number, passport and driver’s license numbers, address, telephone numbers, photographs, fingerprints, financial information like bank accounts, employment and business information, and more. And who guarantees AAA quality of that data?

5. Data brokerage: Selling of unprotected and incorrect data profiles

Numerous companies collect and sell consumer profiles that are not clearly protected under current legal frameworks. The data files used for Big Data analysis can often contain inaccurate data about individuals, use data models that are incorrect as they relate to individuals, or simply be flawed algorithms.

6. Data misinterpretation: Having more data is no substitute for having high-quality data

While one can find countless political opinions on social media, these aren’t reliably representative of voters. A substantial share of tweets and Facebook posts about politics are computer-generated.


The role and importance of information management and governance in data privacy will be a key success factor for all organizations with European Union customers. In my next blog, I’ll break down the fundamentals of the required changes that will go into effect with GDPR.

This article, GRC Tuesdays: Part One – Big Data Privacy Risks and the Role of the GDPR, originally appeared on the SAP BusinessObjects Analytics blog and has been republished with permission.


Follow SAP Finance online: @SAPFinance (Twitter)|LinkedIn|Facebook|YouTube


Evelyne Salie

About Evelyne Salie

Evelyne is a highly experienced IT-Solution Principal, Business Developer and Project Manager with over 10 years IT- industry experience within the Governance Risk and Compliance and Finance area of expertise. She currently works as a Senior Director in Business Development at SAP Finance and GRC solutions. In her business development role she is working on concepts and realization for new generation of Finance solutions, running in real time, integrating predictive, Big Data, and mobile, which will change how offices of the CFO work, how the business is run, and how information is consumed.

How To Mitigate Foreign Corrupt Practice Act (FCPA) Risk In A Global Business Landscape

Payton Burger

The term “bribery” often conjures up thoughts of large sums of money being used to sway powerful officials one way or another. But when it comes to the rules and regulations set forth by the Foreign Corrupt Practice Act (FCPA), the terms “bribery” and “government officials” apply to a wide spectrum of actions and personnel. How can organizations ensure that they are not unintentionally breaking any rules and putting their business at risk of an FCPA-related audit?

In today’s fast-paced world, having a global presence is essential to stay competitive, but that leaves you exposed to more regulatory risks and fraud opportunities. Below, we’ll review the processes, procedures, and tools you should have in place to help mitigate these risks and ensure compliance with FCPA guidelines.

Understanding the ambiguity

Anti-bribery provisions state that an organization cannot give “anything of value” to a foreign official to obtain or retain business in their market. While this seems straightforward, enforcement actions are often based on allegations around leisure activities such as travel, meals, gifts, and entertainment, all of which are typically legal and socially acceptable. However, what might appear to be innocent exchanges are viewed as bribery to the FCPA.

And if that is not vague enough, the definition of a “government official” goes beyond someone who works directly for the government, and includes employees of government departments or agencies, state-owned enterprises (SOES), healthcare providers, and even third-party consultants helping with the planning of a hospitality event.

So how can your organization navigate this ambiguity—especially as you grow and expand globally and domestically —and implement the right checks and balances to mitigate risk related to the FCPA?

5 steps for FCPA compliance

  1. Understand your business network. The first step in protecting against the inadvertent bribery of a government official is ensuring that the employees engaging in cross-border business dealings have a firm understanding of all points of contact they will be directly or indirectly working with. In turn, leaders need to take a step back and consider how the organization works with various points of contact during the business process so they can more easily identify situations that may put them at risk of an FCPA violation.
  1. Implement the appropriate controls. The knowledge and expertise of your organization’s finance and compliance teams is imperative to successfully mitigating FCPA risk. Configuring expense systems with the appropriate workflows, attendee and expense types, conditional and custom fields, and requiring manager approval before “anything of value” is purchased is key to catching potential FCPA violations before they occur. Having these types of checks and balances in place also creates an audit trail with documentation that proves that your organization is doing its due diligence to prevent instances of bribery.
  1. Maintain clear and correct records. The FCPA also has provisions around financial books, record-keeping, and internal controls that put even more pressure on your financial teams. When it comes to your financial books and records, you must maintain reasonable detail that accurately and fairly reflects transactions surrounding foreign officials. Anything that is falsely represented or misleading can lead to an enforcement action. In addition, internal controls must be in place, meaning that you must be able to provide reasonable assurance that the transactions are properly authorized, recorded, and accounted for.
  1. Implement a comprehensive audit process. While these provisions are broad, creating an internal system that includes effective oversight and reporting capabilities will help maintain FCPA compliance. Build an audit process that has rules to account for regulatory violations. Consider these approaches:

– Audit receipt types and itemizations

– Audit cash expenses

– Conduct random checks

– Identify location and type of expense and where

– Verify employment and look for patterns of behavior

– Use a third-party auditor to maintain credibility and help your finance teams scale

  1. Proactively educate around clear policies. While preventative measures and audits are essential, don’t underestimate the importance of proactive education. Ensure that your finance team is properly trained and has a firm understanding of what constitutes both bribery and foreign officials. In addition, build clear, easy-to-understand organization-wide policies around what is and is not permitted when it comes to working with foreign officials to ensure that everyone is on the same page and maintains compliance.

Knowledge is key

Maintaining FCPA compliance boils down to having the proper knowledge surrounding what the FCPA considers bribery to a foreign official, and building the appropriate policies to combat that. Ensuring that you have the right knowledge, systems, and tools in place gives your finance team, and organization, what they need to be successful in reducing FCPA risk.

Learn about how the Concur can help your company monitor for compliance with the FCPA and other anti-corruption legislation here.

Learn how organizations are gaining instant financial insights and using them to make better decisions—both now and in the future. Register now for 2017 Financial Excellence Forum, Oct. 10-11 in New York City.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Payton Burger

About Payton Burger

Payton Burger is Client Marketing Manager for Concur.

School’s Back! Do You Have The Right Skill Set For Dynamic Planning?

Brian Kalish

Part 7 in the Dynamic Planning Series

“Do I have the right skill set for FP&A in 2017 and beyond?” That is a question I am asked all the time, whether I’m in Kuala Lumpur, Montevideo, or San Francisco. The role of the modern FP&A professional has changed greatly over the past 20 years, but the change I have witnessed over the past five years has truly been amazing.

When I would add talent to my FP&A teams 10 years ago, what I wanted was a Jedi master in Excel who had a strong background in accounting. Those days are long gone, because the scope and scale of what our FP&A teams can actually accomplish, as far as planning, budgeting, and forecasting are concerned, have grown at an accelerating pace.

Due to advances that have occurred in the technology and tools available today, activities that we could only dream of accomplishing a few years ago are either possible right now or will be possible in the very near future. Gone are the days of scheduled (and instantly out-of-date) plans and static reporting. We now live in a world of dynamic planning and real-time reporting. We can incorporate our actuals, in real time, to be able to determine if we are on track to reach our goals and objectives and if not, to make changes to our activities. We now regularly incorporate integrated reporting into the normal course of our communications with our stakeholders.

Planning, budgeting, and forecasting 101: new curriculum

All of this change has created opportunities as well as challenges for today’s FP&A professional. While being able to utilize Excel is important (it’s never going away, folks), along with a strong understanding of accounting, those are merely table stakes in today’s world. The three key skill sets that today’s FP&A pro must possess are financial acumen, technology and communication fluency, and a keen insight into the business. A strong dose of curiosity is also critical to being a best-in-class FP&A professional.

Those FP&A professionals who are able to master these new technologies and tools that are coming down the pike will be the ones in the greatest demand. I hear from CFOs from around the world that they expect the amount of strategic work their FP&A teams will be doing to double over the next few years. The majority of these same CFOs believe they have the proper number of people in their FP&A teams. How do they expect to close this chasm between the expected increase in workload without a corresponding increase in headcount? The overwhelming response is technology.

The challenge for organizations will be to determine if they have the right people in place to maximize the ROI for their outlays of these new technologies and tools. Not to minimize my skill set, but you can give me the most advanced surgical devices available to mankind, and I can guarantee that you don’t want me operating on you. Similarly, for FP&A talent to succeed, they will need the flexibility and agility to learn, master, and leverage these new technologies into their organizations as they come online.

The knack to be able to explain our plans or tell a story about our budgets, forecasts, analyses, insights, and foresights to a wide array of audiences, is critical to the success of our organizations. When you enter into the world of dynamic planning, the importance of communications grows ten-fold, as organizations must be able to explain why change is necessary to achieve success.

In a future blog, I’ll expand upon my thoughts and ideas on the importance of understanding the business in order to maximize the value FP&A professionals can bring to our business partners as well as the company as a whole.

I hope to see you at the upcoming Financial Excellence Forum in New York City October 10–11. You can register here. We will be touching on these issues and much more.

To learn more about dynamic planning, read the whitepaper here.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Brian Kalish

About Brian Kalish

Brian Kalish is founder and principal at Kalish Consulting. As a public speaker and writer addressing many of the most topical issues facing treasury and FP&A professionals today, he is passionately committed to building and connecting the global FP&A community. He hosts FP&A Roundtable meetings in North America, Europe, Asia, and South America. Brian is former executive director of the global FP&A Practice at AFP. He has over 20 years experience in finance, FP&A, treasury, and investor relations. Before joining AFP, he held a number of treasury and finance positions with the FHLB, Washington Mutual/JP Morgan, NRUCFC, Fifth Third Bank, and Fannie Mae. Brian attended Georgia Tech in Atlanta, GA for his undergraduate studies and the Pamplin College of Business at Virginia Tech for his graduate work. In 2014, Brian was awarded the Global Certified Corporate FP&A Professional designation.

Diving Deep Into Digital Experiences

Kai Goerlich


Google Cardboard VR goggles cost US$8
By 2019, immersive solutions
will be adopted in 20% of enterprise businesses
By 2025, the market for immersive hardware and software technology could be $182 billion
In 2017, Lowe’s launched
Holoroom How To VR DIY clinics

From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here,

using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.

What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”

Download the executive brief Diving Deep Into Digital Experiences.

Read the full article Swimming in the Immersive Digital Experience.


Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.heif Futu


Jenny Dearborn: Soft Skills Will Be Essential for Future Careers

Jenny Dearborn

The Japanese culture has always shown a special reverence for its elderly. That’s why, in 1963, the government began a tradition of giving a silver dish, called a sakazuki, to each citizen who reached the age of 100 by Keiro no Hi (Respect for the Elders Day), which is celebrated on the third Monday of each September.

That first year, there were 153 recipients, according to The Japan Times. By 2016, the number had swelled to more than 65,000, and the dishes cost the already cash-strapped government more than US$2 million, Business Insider reports. Despite the country’s continued devotion to its seniors, the article continues, the government felt obliged to downgrade the finish of the dishes to silver plating to save money.

What tends to get lost in discussions about automation taking over jobs and Millennials taking over the workplace is the impact of increased longevity. In the future, people will need to be in the workforce much longer than they are today. Half of the people born in Japan today, for example, are predicted to live to 107, making their ancestors seem fragile, according to Lynda Gratton and Andrew Scott, professors at the London Business School and authors of The 100-Year Life: Living and Working in an Age of Longevity.

The End of the Three-Stage Career

Assuming that advances in healthcare continue, future generations in wealthier societies could be looking at careers lasting 65 or more years, rather than at the roughly 40 years for today’s 70-year-olds, write Gratton and Scott. The three-stage model of employment that dominates the global economy today—education, work, and retirement—will be blown out of the water.

It will be replaced by a new model in which people continually learn new skills and shed old ones. Consider that today’s most in-demand occupations and specialties did not exist 10 years ago, according to The Future of Jobs, a report from the World Economic Forum.

And the pace of change is only going to accelerate. Sixty-five percent of children entering primary school today will ultimately end up working in jobs that don’t yet exist, the report notes.

Our current educational systems are not equipped to cope with this degree of change. For example, roughly half of the subject knowledge acquired during the first year of a four-year technical degree, such as computer science, is outdated by the time students graduate, the report continues.

Skills That Transcend the Job Market

Instead of treating post-secondary education as a jumping-off point for a specific career path, we may see a switch to a shorter school career that focuses more on skills that transcend a constantly shifting job market. Today, some of these skills, such as complex problem solving and critical thinking, are taught mostly in the context of broader disciplines, such as math or the humanities.

Other competencies that will become critically important in the future are currently treated as if they come naturally or over time with maturity or experience. We receive little, if any, formal training, for example, in creativity and innovation, empathy, emotional intelligence, cross-cultural awareness, persuasion, active listening, and acceptance of change. (No wonder the self-help marketplace continues to thrive!)

The three-stage model of employment that dominates the global economy today—education, work, and retirement—will be blown out of the water.

These skills, which today are heaped together under the dismissive “soft” rubric, are going to harden up to become indispensable. They will become more important, thanks to artificial intelligence and machine learning, which will usher in an era of infinite information, rendering the concept of an expert in most of today’s job disciplines a quaint relic. As our ability to know more than those around us decreases, our need to be able to collaborate well (with both humans and machines) will help define our success in the future.

Individuals and organizations alike will have to learn how to become more flexible and ready to give up set-in-stone ideas about how businesses and careers are supposed to operate. Given the rapid advances in knowledge and attendant skills that the future will bring, we must be willing to say, repeatedly, that whatever we’ve learned to that point doesn’t apply anymore.

Careers will become more like life itself: a series of unpredictable, fluid experiences rather than a tightly scripted narrative. We need to think about the way forward and be more willing to accept change at the individual and organizational levels.

Rethink Employee Training

One way that organizations can help employees manage this shift is by rethinking training. Today, overworked and overwhelmed employees devote just 1% of their workweek to learning, according to a study by consultancy Bersin by Deloitte. Meanwhile, top business leaders such as Bill Gates and Nike founder Phil Knight spend about five hours a week reading, thinking, and experimenting, according to an article in Inc. magazine.

If organizations are to avoid high turnover costs in a world where the need for new skills is shifting constantly, they must give employees more time for learning and make training courses more relevant to the future needs of organizations and individuals, not just to their current needs.

The amount of learning required will vary by role. That’s why at SAP we’re creating learning personas for specific roles in the company and determining how many hours will be required for each. We’re also dividing up training hours into distinct topics:

  • Law: 10%. This is training required by law, such as training to prevent sexual harassment in the workplace.

  • Company: 20%. Company training includes internal policies and systems.

  • Business: 30%. Employees learn skills required for their current roles in their business units.

  • Future: 40%. This is internal, external, and employee-driven training to close critical skill gaps for jobs of the future.

In the future, we will always need to learn, grow, read, seek out knowledge and truth, and better ourselves with new skills. With the support of employers and educators, we will transform our hardwired fear of change into excitement for change.

We must be able to say to ourselves, “I’m excited to learn something new that I never thought I could do or that never seemed possible before.” D!