The “Ayurvedic” Approach To GDPR

Neil Patrick

At around 11 months before the General Data Protection Regulation (GDPR) or Regulation (EU) 2016/679 becomes effective, how are things looking in the marketplace?

GDPR is a topic I’ve been working on for some nine months as part of my role. This entails a lot of reading and research; talking to many, many customers and peers on the topic; learning what they are doing; and assisting customers with an approach to an end-to-end compliance capability. (Read our other GDPR articles.)

Beware of misleading comments

I’ve seen a number of misunderstandings and misrepresentations for GDPR that worry me. For example, I’ve seen it stated by others that GDPR requires data to be encrypted, or that data centres have to relocate from the United States to the European Union to be GDPR-compliant. Both are untrue, but contain just enough similar wording to GDPR to make it sound plausible. This reminds me of the story about someone suffering with up to 17 headaches a day and how that was resolved (but more on that a bit later).

Part of the problem is that vendors and agencies are bending the meaning of GDPR to suit their niche functional capabilities. I have also noticed a laziness when they don’t actually read the GDPR, but instead use someone else’s interpretation and/or summary points to develop a feature map and collateral. So, for example, software being positioned (and possibly purchased?) is a few levels of separation and interpretation away from the real GDPR requirement.

In addition to being wrong and confusing, this can also lead to a plethora of disconnected niche pieces of software cluttering up the enterprise, while not really addressing the needs of the actual regulation.

Give it a go—read the GDPR

The GDPR is not the most riveting read, true, but it’s actually quite well structured. And if one takes the perspective of its intent—to protect people’s personal data from accidental or institutionalized misuse or loss—it makes a whole lot of sense. You don’t have to be a lawyer to understand that intent.

I was at a seminar recently and a representative from the supervising authority for that member state reflected that their GDPR experts were being poached by industry. They also pointed out that GDPR was an operational exercise, not a legal one, so lawyers alone wouldn’t be enough to determine a corporate response.

Pressure to sell drives confusion

Software companies want to sell licenses, and they want to get into the market quickly, so they need to enable their sales teams to articulate why their GDPR story is better than their competitors’. There is pressure to sell and to simplify the message.

But GDPR in its full extent is not that simple, and it touches a very broad range of roles in an organization as well as different levels. Legal, finance, compliance, audit, IT, security, training, as well as the board of directors, all own a slice of the GDPR pie. Combinations of technical tools, plus ongoing sustainable process governance and cultural change, are required

Because of the breadth of GDPR, the majority of vendors in this space can only offer niche solutions. This sometimes makes it difficult for them to add any real substantive contribution to GDPR compliance. But they still try to find some storyline to hook into.

Diagram courtesy of Neil Patrick

The diagram above is a way of interpreting and delivering a core set of GDPR requirements that can be operationalized via a single solution, as part of a centralized corporate response to GDPR. It has been crafted around the regulation itself as the source of truth. The solution can be integrated with other new tools and legacy systems to deliver a coordinated and centralized view on GDPR compliance.

I believe software vendors have a duty to go back to the regulation and read it, then determine how their software meets the requirements, and clean up their messaging. We’re less likely to get misleading statements, less likely to induce customer GDPR fatigue, and more likely to aggregate around approaches that benefit our customers.

GDPR requires a holistic approach to be effective, and to be a value-add

Now back to the person with the 17 headaches a day. Significant testing was done of the head, blood, hormones, enzymes, and so forth, focusing on solving the problem of headaches. After quite some time, a holistic doctor was engaged who approached the problem from a whole-body perspective, not just focusing on the head. The doctor discovered a misalignment of vertebra in the spine, plus a way of life that led to constrictions in the spine, resulting in the headaches. This is much like the Ayurvedic approach to medicine, which has the belief that health and wellness depend on a delicate balance between body, mind, and spirit.

GDPR needs to be addressed with the same contextualized—the whole-body approach. Organizations shouldn’t be acquiring and implementing niche tools to tick off stated problems as presented by third parties, but should be taking a holistic approach to rolling out the business change that is required by GDPR. Yes, this includes software, but also a permanent cultural shift in how the organization thinks about and handles personal data.

Ayurvedic GDPR

So what is required? Good software focusing on technical GDPR requirements (which does include encryption, but also pseudonymization and other appropriate technical measures); governance of the GDPR compliance processes; and ensuring that the necessary cultural change is pushed out into the business. In other words: better corporate body, mind, and spirit.

If done well and thoroughly, these are the same activities that will deliver benefits like:

  • Reduced cost of compliance (not just GDPR) and likelihood of a fine
  • Reduced organizational and individual risk, linked to business planning and mission
  • Good data governance
  • Reduce cybersecurity risk and reputational risk
  • Smaller, better-organized IT toolset
  • Cleaner user privilege administration
  • Greater organizational agility

Learn more

  • Read our other blogs about GDPR.
  • Read our other GRC Tuesday series blogs.

This article, GRC Tuesdays: “Ayurvedic” GDPR, originally appeared on the SAP BusinessObjects Analytics blog and has been republished with permission.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Neil Patrick

About Neil Patrick

Dr. Neil Patrick is a Director of SAP Centre of Excellence for GRC & Security covering EMEA. He has over 12 years’ experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in the UK and USA, conducted customer business requirements sessions around the world, and sales and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.

An Analytical Future Requires An Automated Approach

Les Smith

The emergence of real-time and predictive analytics technology gives finance an opportunity to reinvent itself as the analytics hub of the organization, enabling the entire organization to make fact-based decisions faster while taking finance out of day-to-day transactional activities to become a strategic partner to the business.

But how can finance adapt to provide these dynamic new capabilities without disrupting day-to-day operations?

While this future state might seem highly desirable, it must be achieved without degrading or endangering finance’s core activities. The solution may be in automation, which will allow finance to shift staff away from repetitive and low-level tasks to be deployed into those areas that truly add value to the business.

In 2017, Oxford Economics surveyed 1,701 finance professionals across multiple industries and four global regions, including 300 leaders from Australia & New Zealand, to uncover their attitudes towards their function’s changing requirements and challenges, and understand what it takes to become a finance Leader.

It found ANZ finance professionals are lagging their global counterparts in embracing the benefits of real-time and predictive analytics, although they are warming to the idea that automation might provide some benefit to driving efficiency and allowing finance to take on value-added tasks.

Analytic benefits are not being grasped

Despite significant industry buzz, the benefits of real-time and predictive analytics have yet to see result in their adoption into the mainstream of ANZ finance professionals—especially in New Zealand. Real-time analytics enable finance – and the business units it supports—to make decisions at much faster speeds, based on the most up-to-date data. But while 83% of global finance Leaders rated real-time analytics as important to the finance function’s successful performance today, this fell to 50% for Australia, and just 20% for New Zealand. For those respondents that rated real-time analytics as critically important, the key benefits were improving finance’s collaboration with the business, optimising risk management and compliance, and evaluating the financial viability of strategic growth initiatives.

If real-time analytics is all about speed, then predictive analytics is all about the future, and the potential for finance to stop just looking in the rear-view mirror and provide greater guidance on where the organization should be heading. Leaders understand this, and when questioned about the importance of predictive analytics, 80% saw its benefit today. But again, this dropped to just 42% for Australia and to an alarming 12% for New Zealand. Those who did see its benefits listed them as improving efficiency across the organization, optimizing procurement, optimizing risk management and compliance, and driving strategic growth initiatives.

The lack of regard for the importance of these two technologies may belie their future value. When asked about the importance of real-time analytics two years from now, both Australian and New Zealanders showed greater enthusiasm (72% and 48% respectively), while the importance of predictive analytics/modelling also increased (66% for Australia and 42% for New Zealand).

But while these forward-looking results brought Australia in line with the rest of the world, it is clear that New Zealand still has some way to go to embracing these emerging capabilities.

An automated future

If finance is ever to embrace the new world of analytics, it must first free itself up from the many of the lower-level and more manual tasks its currently finds itself handling. Indeed, if finance is to reach its full potential as a strategic business partner, automation will be critical, lest it be buried under the avalanche of requests it receives from other business functions.

Automation was determined as one of the key attributes of finance leaders, and is proving to be a key tool in the battle to free up capacity. Australian finance professionals are warming to the idea, with 68% indicating that it is improving the finance function’s efficiency and allowing it to take on value-added tasks. But just as with real-time and predictive analytics, only 42% New Zealand respondents have tapped into the benefits of automation.

Curiously, when asked whether improving efficiency across the organization was among the top three goals for the finance function, 60% of New Zealanders indicated as much—well ahead of respondents in Australia and the rest of the world (47% and 52% respectively). This could perhaps reflect the fact that the adoption of automation in Australia has already led to efficiency gains. But manual processes were not seen as a significant obstacle to achieving business goals, with only 26% of New Zealanders and 20% of Australians indicating so. This perhaps suggests that some respondents are simply not aware of the benefits that automation can bring.

Building the analytics hub

Market volatility means companies have to make fact-based decisions faster—possibly even in real-time—to compete effectively. Real-time and predictive analytics provide a toolset to enable responses that are both faster and take into account future scenarios, and deliver the added benefit of reducing risk in decision-making by ensuring that they are taken with the most up-to-date information available. For risk-averse organizations in ANZ, investment in these capabilities should be standard.

But the benefits of real-time and predictive analytics can only truly be realized if finance frees itself from manual processes using automation. Investment in analytics and automation must go hand-in-hand if finance is to achieve its true potential as the analytics hub of the organisation.

Explore the Oxford Economics CFO Global study and ANZ insights now. Download here.

Learn how organizations are gaining instant financial insights and using them to make better decisions—both now and in the future. Register now for the 2017 Financial Excellence Forum, Oct. 10-11 in New York City.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Les Smith

About Les Smith

Working with organisations across the Asia Pacific region for over 20 years, Les holds a wealth of experience in Finance Transformation. As the Centre of Excellence lead for Finance & GRC in SAP, Les works with organisations to bring transformation theory up to reality with solutions from across the Office of the CFO (OoCFO) portfolio. Prior to SAP, Les specialised in performance management and Business Intelligence solutions, Health Checks, and Industry benchmarking on key performance indicators. During this time Les and his team delivered more than 50 strategic projects across 10 countries. With such a wide range of experience and strategic customer insight, Les understands how the Finance function can enable themselves to succeed in the Digital Economy.

The World For Finance Leaders Is Still A’Changing – Are You Keeping Up?

Judy Cubiss

Change really does seem to be the only constant at the moment, at work and at home, due to the current pace of innovation and technology. In fact, the rate of change is accelerating. There are a lot of stats about how much data is being created in every single moment – 2.5 quintillion bytes of data per day, according to DN Capital back in 2015, so that number is already out of date. Trying to keep up with even a fraction of the information available is hard. Being able to use the vast amount of available data effectively is even harder.

As I was reminded recently in one episode of my favorite podcast series, Freakonomics, being productive is not the same as being efficient. Sometimes with all the tasks and all the data, it is easy to forget that it is more important to do the right things rather than to get faster at the wrong things.

Earlier this year, Oxford Economics set out to find out for finance leaders what are the “right” things. What traits do successful finance leaders have in common? I found it interesting that out of the six identified common traits identified, there was an even split between leadership/strategic skills and process/technology skills.

How some finance leaders are keeping pace

The finance leaders who are having success in this changing environment are becoming leaders in a much broader sense within their companies. They are associated with driving strategic growth for their companies. They collaborate regularly with the leaders of many different business units. And they exert influence beyond just the finance function. Technology has helped them be even more successful; for many companies, finance is now the analytics hub of the business, providing real-time insights, including comprehensive enterprise risk assessments to help every leader make better decisions.

These successful finance leaders still run all their core finance processes effectively and are continuously working to improve the efficiency of these processes through automation and self-learning. Blockchain and machine learning are just a couple of the technologies that these leaders are exploring because they are showing potential for increased automation and efficiency. Automating cash applications and simplifying bank transfers are good use cases for the technologies.

As data volume rises, we see these leaders embedding compliance in the financial operational processes. They realize compliance can no longer be just be a post-processing function.

How some are staying ahead of the curve

All these changes require a whole new way of using technology in finance. Finance platforms will replace ERP systems that have operated in silos. These finance platforms enable the transformation of financial management systems, and support the collaboration across all lines of business (LOBs) that is needed so that the business can run “live.”

We will be covering these topics and more at the SAP Finance Excellence Forum in New York City, Oct. 10–11. Leading companies such as Toyota will share how they used technology to accelerate their journey to bring different cultures and LOBs together. Vivant will share how finance boardroom influence is increasing, and how CFOs are helping lead business transformation. Colleagues from Exxon Mobile will discuss their finance transformation story with a new technology platform. There will also be more detailed sessions on how technology can help your organization become a leading finance organization and support your business to run live.

Learn how organizations are gaining instant financial insights and using them to make better decisions – both now and in the future. Register now for the 2017 Financial Excellence Forum, Oct. 10-11 in New York City.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Judy Cubiss

About Judy Cubiss

Judy is director of content marketing for Finance at SAP. She has worked in the software industry for over 20 years in a variety of roles, including consulting, product management, solution management, and content marketing in both Europe and the United States.

Diving Deep Into Digital Experiences

Kai Goerlich


Google Cardboard VR goggles cost US$8
By 2019, immersive solutions
will be adopted in 20% of enterprise businesses
By 2025, the market for immersive hardware and software technology could be $182 billion
In 2017, Lowe’s launched
Holoroom How To VR DIY clinics

From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here,

using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.

What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”

Download the executive brief Diving Deep Into Digital Experiences.

Read the full article Swimming in the Immersive Digital Experience.


Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.heif Futu


Jenny Dearborn: Soft Skills Will Be Essential for Future Careers

Jenny Dearborn

The Japanese culture has always shown a special reverence for its elderly. That’s why, in 1963, the government began a tradition of giving a silver dish, called a sakazuki, to each citizen who reached the age of 100 by Keiro no Hi (Respect for the Elders Day), which is celebrated on the third Monday of each September.

That first year, there were 153 recipients, according to The Japan Times. By 2016, the number had swelled to more than 65,000, and the dishes cost the already cash-strapped government more than US$2 million, Business Insider reports. Despite the country’s continued devotion to its seniors, the article continues, the government felt obliged to downgrade the finish of the dishes to silver plating to save money.

What tends to get lost in discussions about automation taking over jobs and Millennials taking over the workplace is the impact of increased longevity. In the future, people will need to be in the workforce much longer than they are today. Half of the people born in Japan today, for example, are predicted to live to 107, making their ancestors seem fragile, according to Lynda Gratton and Andrew Scott, professors at the London Business School and authors of The 100-Year Life: Living and Working in an Age of Longevity.

The End of the Three-Stage Career

Assuming that advances in healthcare continue, future generations in wealthier societies could be looking at careers lasting 65 or more years, rather than at the roughly 40 years for today’s 70-year-olds, write Gratton and Scott. The three-stage model of employment that dominates the global economy today—education, work, and retirement—will be blown out of the water.

It will be replaced by a new model in which people continually learn new skills and shed old ones. Consider that today’s most in-demand occupations and specialties did not exist 10 years ago, according to The Future of Jobs, a report from the World Economic Forum.

And the pace of change is only going to accelerate. Sixty-five percent of children entering primary school today will ultimately end up working in jobs that don’t yet exist, the report notes.

Our current educational systems are not equipped to cope with this degree of change. For example, roughly half of the subject knowledge acquired during the first year of a four-year technical degree, such as computer science, is outdated by the time students graduate, the report continues.

Skills That Transcend the Job Market

Instead of treating post-secondary education as a jumping-off point for a specific career path, we may see a switch to a shorter school career that focuses more on skills that transcend a constantly shifting job market. Today, some of these skills, such as complex problem solving and critical thinking, are taught mostly in the context of broader disciplines, such as math or the humanities.

Other competencies that will become critically important in the future are currently treated as if they come naturally or over time with maturity or experience. We receive little, if any, formal training, for example, in creativity and innovation, empathy, emotional intelligence, cross-cultural awareness, persuasion, active listening, and acceptance of change. (No wonder the self-help marketplace continues to thrive!)

The three-stage model of employment that dominates the global economy today—education, work, and retirement—will be blown out of the water.

These skills, which today are heaped together under the dismissive “soft” rubric, are going to harden up to become indispensable. They will become more important, thanks to artificial intelligence and machine learning, which will usher in an era of infinite information, rendering the concept of an expert in most of today’s job disciplines a quaint relic. As our ability to know more than those around us decreases, our need to be able to collaborate well (with both humans and machines) will help define our success in the future.

Individuals and organizations alike will have to learn how to become more flexible and ready to give up set-in-stone ideas about how businesses and careers are supposed to operate. Given the rapid advances in knowledge and attendant skills that the future will bring, we must be willing to say, repeatedly, that whatever we’ve learned to that point doesn’t apply anymore.

Careers will become more like life itself: a series of unpredictable, fluid experiences rather than a tightly scripted narrative. We need to think about the way forward and be more willing to accept change at the individual and organizational levels.

Rethink Employee Training

One way that organizations can help employees manage this shift is by rethinking training. Today, overworked and overwhelmed employees devote just 1% of their workweek to learning, according to a study by consultancy Bersin by Deloitte. Meanwhile, top business leaders such as Bill Gates and Nike founder Phil Knight spend about five hours a week reading, thinking, and experimenting, according to an article in Inc. magazine.

If organizations are to avoid high turnover costs in a world where the need for new skills is shifting constantly, they must give employees more time for learning and make training courses more relevant to the future needs of organizations and individuals, not just to their current needs.

The amount of learning required will vary by role. That’s why at SAP we’re creating learning personas for specific roles in the company and determining how many hours will be required for each. We’re also dividing up training hours into distinct topics:

  • Law: 10%. This is training required by law, such as training to prevent sexual harassment in the workplace.

  • Company: 20%. Company training includes internal policies and systems.

  • Business: 30%. Employees learn skills required for their current roles in their business units.

  • Future: 40%. This is internal, external, and employee-driven training to close critical skill gaps for jobs of the future.

In the future, we will always need to learn, grow, read, seek out knowledge and truth, and better ourselves with new skills. With the support of employers and educators, we will transform our hardwired fear of change into excitement for change.

We must be able to say to ourselves, “I’m excited to learn something new that I never thought I could do or that never seemed possible before.” D!