If you're doing e-commerce in the European Union (EU), you are going to be affected by new European regulations that go into effect on May 25, 2018. Join our senior consultants to learn about the key impacts that elements of the GDPR will have on your existing or planned implementation project of the SAP Hybris Commerce solution.

1. Yannick Robin & Tobias Ouwejan, SAP
October 18th, 2017
How is Your SAP Hybris Commerce
implementation affected by GDPR?

2. 2PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Agenda What we’ll look at
Background What is GDPR?
Roadmap Key capabilities
Next Steps Explore, adjust & plan

3. 3PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Penalty up to 4%
of worldwide turnover
Takes effect
from 25 May 2018
Background What is GDPR anyway?
Data protection for all
individuals within the EU
Any information related
to a natural person
Any company doing business
in the European Union
It’s an European law
regulation (EU) 2016/679

4. 4PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Background Privacy Obligations
Consent Minimisation Storage limitations
Data portability Profiling Security
DPO Process activities records Data breaches

5. 5PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Background Who’s accountable?
The Data Subject is
a natural person
whose personal data
is processed
The Data Controller
determines the purposes,
conditions and means of the
processing of personal data
The Data Processor
processes data on behalf of
the Data Controller.

6. 6PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Background Who’s accountable?
Our software will NOT make you
compliant. We offer Data Protection
and Privacy Features that can be
leveraged.
The Data Controller is accountable.

7. Key capabilities
Data protection and privacy features

8. 8PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Data protection and privacy Key capabilities
Consent Management
Capture anonymous and
registered user consent and
allow for self-service
Data retention / erasure
Manual account closure or
automated data erasure based
on retention periods
Personal data reporting
Allow for customer specific
reports, generated in Backoffice
Disclaimer:not yet available

9. 9PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Data protection and privacy Frameworks & extensibility
Consent management
§ Basestore driven consent
templates
§ Consent entry points
Data retention / erasure
§ Configurable
§ Basic implementation for
removal
§ Interface for custom
implementation
(e.g. removal, data
anonymization)
Personal data reporting
§ Audit logging framework
§ Report config (xml)
§ Custom report conversion
Strategy
Disclaimer:not yet available

10. 10PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Data protection and privacy When do we deliver?
Pre 6.5
No data protection and
privacy features available
Release 6.6
Consent management
Customer account closure
Personal data reporting
Audit logging framework
Data retention framework
Release 6.5
Data annotation framework
Consent management for
registered users
Disclaimer:not yet available

11. Your Next Steps
Explore, Adjust & Plan

12. 12PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Your next steps Consider upgrading
No backports available
for data protection and
privacy features
Your solution might have
Customizations that conflict
with our standard features
SAP Hybris Expert Services
can help you to plan with
Upgrade Assessment
package

13. 13PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Explore
§ Identify what, where and by whom personal customer data is processed and
stored
§ Analyze 6.5 and roadmap
§ Related projects
Adjust
§ Nominate DPO
§ Enable internal staff (Customer Service, IT, Business)
Plan
§ Identify and prioritize risks and gaps
§ Setup a roadmap and project plan taking in consideration SAP Hybris Commerce
roadmap
Your next steps Assess GDPR readiness

14. 14PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Your next steps Assess GDPR readiness
May 25th 2018Today Jan 1st 2018
Disclaimer: not yet available
Release 6.6
Identifypersonal data
Analyze 6.5 Analyze roadmap
Identifydependencies
Nominate DPO
Adjust internal processes Enable internal staff
Setup projectroadmap
Setup / align program
Implementdata protection& privacy features
Content adjustments
Upgrade to 6.5
Integration adjustments

15. Thank you.
Contact information:
Yannick Robin
Principal Consultant
yannick.robin@sap.com
Tobias Ouwejan
Head of Commerce Practice
tobias.ouwejan@sap.com
+31 06 55 141 533

16. 16PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Q&A

17. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components
of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated
companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are
set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release
any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products,
and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The
information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various
risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements,
and they should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company)
in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.
See http://global.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
© 2017 SAP SE or an SAP affiliate company. All rights reserved.