The vast majority (86%) of organizations don’t understand how the GDPR could affect their current SAP environment and compliance concerns are increasing, according to a new SAP User Group study.
Over half (51%) said compliance concerns have exacerbated in the past year, with cloud computing (53%) and workforce mobility (57%) causing particular challenges.
The majority (55%) said these issues had increased SAP security challenges, while just under half (49%) claimed they had greater concerns around securing their SAP environment than they did 12 months ago.
Access control (70%) is a particular challenge, while 73% of users said it’s hard to balance workforce productivity and flexibility with security and compliance.
Brian Froom, audit, control and security SIG chair at the UK & Ireland SAP User Group, argued that it’s important to regularly manage and review the access rights of all users, working on a principle of least privilege.
“At the same time, they must ensure that the segregation of duties are appropriately managed and controlled,” he told Infosecurity Magazine. “Ultimately, ensuring a good level of access control will go a long way to showing how an organization protects its information assets. This is especially important with GDPR around the corner.”
The news is particularly concerning given that organizations have less than a year to get their house in order before the GDPR deadline on 25 May 2018.
The omens don’t look good, with several recent surveys seeming to indicate many firms won’t be ready by the deadline.
The problem is particularly pronounced in the SME sector. A recent poll from Shred-it claimed 84% of the UK’s small business owners are unaware of the GDPR.
The ICO claimed in March that UK councils are also falling behind on compliance, with a quarter still having yet to appoint a data protection officer—a key requirement of the regulation which could incur a penalty fine of up to €10m or 2% of global annual turnover.