With each passing year, the information age becomes even more digitalized. Almost every process from
shopping to healthcare, in one way or another, demands the handover of digitized personal data into the
care of those who promise to handle it responsibly. With the submergence of society under the digital
wave of the new millennium this data might rapidly be drifting out of reach. Out of reach and into the
nets of those that treat it like a commodity or worse.

In an attempt to give back the control of their personal data to its citizens, the European Union (EU) has
drawn up a modernized law to protect that data: the General Data Protection Regulation (GDPR). GDPR
provides a legal framework for compliance, affecting global businesses with headquarters both inside and
outside Europe. The official GDPR regulation can be found on the EUR-lex website. This robust policy has
a firm deadline of the 25th of May 2018 with severe fines facing organizations that are not in compliance.

This whitepaper strives to provide structure to the 88-page legislation by separating it into smaller
segments for SAP customers to be able to answer a few of their most important questions. The first
section of the whitepaper will be valuable for anybody wondering if they are affected by GDPR as it will
go through the regulation at a high level. We will then focus on SAP itself and how to approach the
challenge of making sure that your systems are compliant. A large part this whitepaper will benefit
anyone looking for a hands-on approach to achieve GDPR compliance from a more technical system
analysis perspective.