Skip to Content

Data Protection and Privacy

SAP protects the rights of employees, applicants, customers, suppliers, partners, and all other persons by preserving data ownership, protection, and privacy throughout the processing and use of information.
Previous Next
Policy representing data protection and privacy policy to protect data in the cloud

Data Protection and Privacy Policy

To comply with applicable data protection and privacy laws, SAP adopted a global policy that outlines a standard for handling personal data. It defines requirements for processing and accessing personal data, as well as clear responsibilities and organizational structures. The global group-wide minimum standard for processing of personal data is based on standard contractual clauses.

People icon representing data protection and privacy coordinators who monitor cloud backup and data integrity and follow our cloud security policy for cloud privacy and data safety

Data Protection and Privacy Coordinators

SAP has a network of coordinators to maintain a constant level of data protection and privacy within group affiliates and business areas. By monitoring the collection, processing, and deletion of personal data, coordinators help ensure that their assigned organizations adhere to applicable data protection and privacy legislation and our policy standards.

Previous Next

Fulfilling the Right to Secure Data and Privacy

Learn about our commitment to data protection and our respect for the privacy of all individuals. Mathias Cellarius, head of Data Protection and Privacy at SAP, explains our approach to safeguard all data under our care.

Contractual Data Processing

A master data protection agreement ensures consistent level of data protection and privacy when processing personal data for our own purposes, as well as our customers and applicable third parties. It outlines the same data protection standards when involving any sub-processor.

Data Protection Management System

To demonstrate our compliance obligations with data protection and privacy laws, SAP has implemented a wide range of measures – such as a data protection management system – to protect data controlled by us and our customers from unauthorized access and processing, accidental loss, or destruction.
Previous Next
Building representing line of business data protection guidelines to ensure cloud storage security and data confidentiality

Line of Business Data Protection Guidelines

The data protection management system allows SAP to ensure compliant behavior across all lines of business. This measure comprises a subset of company-wide data protection guidelines, function-specific work instructions, and a worldwide network of data protection representatives.

Big Data representing internal data protection that enables cloud storage privacy and security

Internal Data Protection

Following the core elements of management systems such as plan, do, check, and act, SAP regularly trains all employees and verifies a high level of data protection awareness with regular audits in more than 100 locations worldwide every year.

Open lock representing EU Access service from SAP

EU Access by SAP

The EU Access service from SAP enables customers to have their data processed and accessed from within the European Union, European Economic Area, and Switzerland. Remote access outside this region is excluded. This service is eligible for on-premise services and a number of cloud services.

EU General Data Protection Regulation (GDPR)

The European Union (EU) released the GDPR, replacing local data protection regulations. It reflects the rising  importance of the right of the individual when processing their data in today’s economy through increased obligations to entities processing personal data with powerful enforcements.

Data Protection Management System Certificate

Accredited by the British Standard Institution (BSI) of London, the certification is based on BS 10012, the standard for personal information management systems. Audit details and results are made available to all customer through the annual customer audit report.

Back to top