Hacker News new | past | comments | ask | show | jobs | submit login

SAP is B2B, the vast majoritybof personal data is professional (supplier and customer business contacts) and emoloyee data (payroll and such). Not much to fine here. Also, since SAP as a company isn't handling any of that data, SAP isn't really affected.



> Also, since SAP as a company isn't handling any of that data, SAP isn't really affected.

I am not sure that is completely correct, considering SAP's cloud offerings.


With EU based servers? Sure, GDPR applies. But so far I didn't hear anything about SAP not being compliant.


That is correct, as far as I know. I was just objecting to SAP not being responsible for any PII data of their customers, in all cases.


I don't think the location of servers is relevant to GDPR. It's about storing and processing data of citizens of any EU member country.


Server location matters a lot.


If I run my app on Azure, is Microsoft responsible for me breaking GDPR?

SAP runs your instance, but isn't responsible for what you do with it.


https://www.sap.com/about/trust-center/data-privacy.html#act...


If they're deemed a data processors then yes in fact they do need to care about the application of the laws. SAP has user management at least in terms of companys' own users which will likely have PII.


The personal data handled by SAP, the ERP system not the company, is very well compartementalized and accessible only need-to-know. Assuming proper user rights policies and roles are in place, but that is on SAPs client, amd not SAP themselves.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: