Hacker News new | past | comments | ask | show | jobs | submit login

Isn’t SAP absolutely massive? Surely they count as big tech.

Edit: for anyone wondering SAP has ~110,000 employees worldwide, Google has ~180,000, so comparably mega scale tech company.




If you are aware of SAP breaking the GDPR and it's being swept under the carpet or if enforcement is lackluster given the scope of the problem then please supply some evidence. That SAP is large doesn't matter, what matters is if they are breaking the law.


SAP isn't a social platform, it isn't even B2C, so they don't really relate to GDPR


The GDPR applies to all companies, social network platforms or not. It's not even about the internet in particular, it's about how companies can store and process private information of EU citizens.


SAP is B2B, the vast majoritybof personal data is professional (supplier and customer business contacts) and emoloyee data (payroll and such). Not much to fine here. Also, since SAP as a company isn't handling any of that data, SAP isn't really affected.


> Also, since SAP as a company isn't handling any of that data, SAP isn't really affected.

I am not sure that is completely correct, considering SAP's cloud offerings.


With EU based servers? Sure, GDPR applies. But so far I didn't hear anything about SAP not being compliant.


That is correct, as far as I know. I was just objecting to SAP not being responsible for any PII data of their customers, in all cases.


I don't think the location of servers is relevant to GDPR. It's about storing and processing data of citizens of any EU member country.


Server location matters a lot.


If I run my app on Azure, is Microsoft responsible for me breaking GDPR?

SAP runs your instance, but isn't responsible for what you do with it.


https://www.sap.com/about/trust-center/data-privacy.html#act...


If they're deemed a data processors then yes in fact they do need to care about the application of the laws. SAP has user management at least in terms of companys' own users which will likely have PII.


The personal data handled by SAP, the ERP system not the company, is very well compartementalized and accessible only need-to-know. Assuming proper user rights policies and roles are in place, but that is on SAPs client, amd not SAP themselves.


Sure, but SAP's business model doesn't depend on doing as much privacy violation as they can get away with (this is basically the business model of all adtech) so they're far less likely to fall afoul of the GDPR. The main risk to a company like SAP would be _accidentally_ falling afoul of the law; this tends to happen where companies are grossly negligent in their handling of personal data, and this is then exposed in a major leak.


You are absolutely correct with this.

I'm absolutely in favor of making it impossible for adtech to make any profit at all as long as they build their business on monetizing user data and exposing their users to all kinds of hazards.

I find it funny that so few people here see a problem with that kind of behavior. It's as if they expect society to serve the market, instead of the other way around.


Temporarily embarrassed millionaires or not yet exploded adtech unicorns, the same mindset. ;)


SAP is the company you go to to help you with potentially GDPR-affected processing. It would be quite a thing if they were doing any kind of non-accidental violation of GDPR.


When did SAP breach GDPR?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: