Data protection and privacy
Preserving trust through data security
SAP’s commitment to data protection and privacy
We safeguard personal information by employing advanced security protocols and fostering a culture of trust.
Data protection and privacy by design
We focus on continuously improving our product development standards. We embed data protection and privacy features in our products and services by design and by default.
Artificial intelligence at SAP
Our use of AI and its development is governed by SAP Global AI Ethics policy and applicable laws.
Data protection management system (DPMS)
We have implemented a DPMS with respect to our internal data protection and privacy controls in accordance with internally recognized industry standards.
Data protection and privacy
We respect the privacy of every individual. Our policies and data processing agreements help us abide by relevant laws worldwide and provide a trusted foundation for our customers to operate their businesses.
General Data Protection Regulation (GDPR)
In Europe, an individual’s right to data privacy is a human right. As a Germany-based company, SAP has a long-standing commitment to data privacy and protection principles.
EU Standard Contractual Clauses (EU SCC)
Find out how SAP implements the EU Standard Contractual Clauses (EU SCC) as published by the European Commission following the Schrems II decision.
EU Cloud Code of Conduct (EU Cloud CoC)
SAP has sought a Declaration of Adherence to the EU Cloud CoC for certain cloud services.
UK International Data Transfer Agreement (IDTA)
In line with the IDTA and SCCs, we support international data transfers. EEA, EU, and UK customers can easily manage compliance by signing a data processing agreement amendment through SAP’s self-service portal.
Global data protection and privacy compliance
Find out how SAP monitors and stays compliant with the always-evolving global data protection and privacy requirements applicable to SAP's products and services.
California Privacy Rights (CCPA/CPRA)
SAP supports California Privacy Rights initiatives, which grants California residents more control over their personal data and imposes heightened compliance obligations on businesses who share and sell such information.
The Health Insurance Portability and Accountability Act (HIPAA)
Under certain circumstances, SAP enters into a Business Associate Addendum (BAA) as a covered entity and business associate to enable compliance for those SAP customers that intend to process Personal Health Information (PHI).
Vietnam's Personal Data Protection Decree
Vietnam issued Decree 13 on Personal Data Protection (PDPD). Vietnam will become the fifth country in the ASEAN region with an omnibus set of data protection regulations.
The Philippines Data Processing Systems and Data Protection Officers registrations
Find out about SAP's Philippines Data Processing Systems and Data Protection Officers registrations and seals.
Brazil’s General Data Protection Law
New regulations governing cross-border transfers of personal data are reshaping Brazil’s data protection landscape. SAP supports global compliance by embedding privacy into its operational model, promoting secure and lawful data flows across international boundaries.
Data processing at SAP
SAP protects the rights of individuals whose data we process. We strive to continuously strengthen our reputation as a trusted and reliable business partner in the market.
Data processing agreements (DPAs)
SAP signs DPAs with each of our customers. DPAs enable us and our customers to comply with applicable laws when SAP processes personal data on behalf of customers.
Technical and organizational measures (TOMs)
SAP constantly improves upon TOMs to protect the data we process on behalf of customers against unauthorized access, change, or deletions.
Subprocessors
SAP use of subprocessors may require access to and transfer of customer data to subprocessors for the hosting of customer data and related infrastructure support.
Government requests to access customer data
SAP receives few requests from government agencies requiring SAP to produce or disclose information that contains or includes any customer data.
Data Subject Rights
Submit a request to exercise your data subject rights.
Continuous improvement of Cloud Services
We regularly update our cloud services to support performance, security and innovation, while respecting our data protection and privacy obligations.
Data Privacy and Transfer Impact Assessments
Find out how SAP supports customers with common questions related to data privacy and transfer impact assessments when using SAP products and services.
DPA Amendment Self Service for EU/EEA and UK Customers
SAP supports international data transfers in line with the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA). Customers in the EU/EEA and UK can easily manage compliance by signing a Data Processing Agreement (DPA) amendment through SAP’s self-service portal.
Product Development Schedule
The Product Development Schedule sets out terms on how SAP may use customer data for general product research and development.
Data protection and privacy certifications
SAP has a wide range of third-party audit reports, certifications, and attestations that demonstrate our compliance with data protection and privacy requirements.
Audit reports and certifications
SAP maintains multiple industry-standard, third-party certifications, and audit reports in support of the TOMs described in our DPAs.
Industry-specific attestations
SAP has a variety of sector-specific attestations and authorizations for certain products and services to meet the needs of customers in various industries, including FedRAMP and PCI DSS.
EU Cloud CoC reports
SAP has sought a Declaration of Adherence to the EU Cloud CoC for certain cloud services to demonstrate GDPR compliance in the SAP product and services portfolio.
Data protection management system (DPMS)
SAP has implemented a DPMS with respect to its internal data protection and privacy controls in accordance with internationally recognized industry standards.