Skip to Content
Previous Next

Fulfilling the Right to Secure Data and Privacy

Learn about our commitment to data protection and our respect for the privacy of all individuals. Mathias Cellarius, head of Data Protection and Privacy at SAP, explains our approach to safeguard all data under our care.

Contractual Data Processing

A master data protection agreement ensures consistent level of data protection and privacy when processing personal data for our own purposes, as well as our customers and applicable third parties. It outlines the same data protection standards when involving any sub-processor.

Data Protection Management System

To demonstrate our compliance obligations with data protection and privacy laws, SAP has implemented a wide range of measures – such as a data protection management system – to protect data controlled by us and our customers from unauthorized access and processing, accidental loss, or destruction.
Previous Next
Building representing line of business data protection guidelines to ensure cloud storage security and data confidentiality

Line of Business Data Protection Guidelines

The data protection management system allows SAP to ensure compliant behavior across all lines of business. This measure comprises a subset of company-wide data protection guidelines, function-specific work instructions, and a worldwide network of data protection representatives.

Big Data representing internal data protection that enables cloud storage privacy and security

Internal Data Protection

Following the core elements of management systems such as plan, do, check, and act, SAP regularly trains all employees and verifies a high level of data protection awareness with regular audits in more than 100 locations worldwide every year.

Open lock representing EU Access service from SAP

EU Access by SAP

The EU Access service from SAP enables customers to have their data processed and accessed from within the European Union, European Economic Area, and Switzerland. Remote access outside this region is excluded. This service is eligible for on-premise services and a number of cloud services.

Data Protection Management System Certificate

Accredited by the British Standard Institution (BSI) of London, the certification is based on BS 10012, the standard for personal information management systems. Audit details and results are made available to all customer through the annual customer audit report.

EU General Data Protection Regulation (GDPR)

Previous Next

Foster a data protection culture

The European Union (EU) released the GDPR, replacing local data protection regulations. It reflects the rising  importance of the right of the individual when processing their data in today’s economy through increased obligations to entities processing personal data with powerful enforcements.

Frequently Asked Questions

Back to top