The data exporter uses services provided by the data importer. These services may include the processing of personal data by the data importer or the provision of maintenance and assistance services by data importers on systems that may contain personal data. Details are contained in the services, particularly in the specific annexes describing the data protection service. Including, without restriction, the data importer must: I have also decided to review some of the other SAP data processing contracts, and found similar language in their DPAs of support and professional services:”The customer does not grant SAP access to licensing systems or personal data (customer or third party), unless such access is essential to the delivery of SAP Services. Customers should not store personal data in non-productive environments. SAP customers have recently received emails highlighting these changes in terms and conditions, forcing customers to respond very quickly. Sand changesThis changes in SAP conditions (Cloud, Service and Support) set up two SAP guides – best practice guides and DPAs – on a very strong collision course. Those who continue to copy real data into non-production systems or test real loads of data in those systems must now find a way to delete personal data. Given the multiplicity of data protection laws, including the RGPD, that have come out over the past two years (with more projects in the next two years), it is not surprising that SAP makes this clear distinction and I expect that most ISs will also follow their lead. This does not necessarily mean the end of copies of the system, but it does require further action. I would urge the organisations to consider on this occasion whether they really need all the production data for testing.

Our Sync™ and Object Sync™ customer solutions offer much thinner on-demand customers and on-demand data for functional experts. Both now include direct integration into Data Secure™, so that the data can be hidden with the same guidelines, and in addition, the data is hidden at the end – the production system is already hidden. At least Data Secure™ can help hide copied systems before they are shared for users. Recently, we have seen a number of customers who have replaced their own Z test data masking programs with our “Best of Breed” solution in this area.