Hacker News new | past | comments | ask | show | jobs | submit login

> Also, since SAP as a company isn't handling any of that data, SAP isn't really affected.

I am not sure that is completely correct, considering SAP's cloud offerings.




With EU based servers? Sure, GDPR applies. But so far I didn't hear anything about SAP not being compliant.


That is correct, as far as I know. I was just objecting to SAP not being responsible for any PII data of their customers, in all cases.


I don't think the location of servers is relevant to GDPR. It's about storing and processing data of citizens of any EU member country.


Server location matters a lot.


If I run my app on Azure, is Microsoft responsible for me breaking GDPR?

SAP runs your instance, but isn't responsible for what you do with it.


https://www.sap.com/about/trust-center/data-privacy.html#act...


If they're deemed a data processors then yes in fact they do need to care about the application of the laws. SAP has user management at least in terms of companys' own users which will likely have PII.


The personal data handled by SAP, the ERP system not the company, is very well compartementalized and accessible only need-to-know. Assuming proper user rights policies and roles are in place, but that is on SAPs client, amd not SAP themselves.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: