“If you think compliance is expensive, try non-compliance”. I am sure you know this quote from Paul McNulty, former U.S. Deputy Attorney General. And looking at the top risks for 2025 with “Compliance and Regulations” super-inflation still being a major cause for concern for companies world-wide, it looks like Compliance and the risk of penalties associated with non-conformity will continue to be a heavy burden for the foreseeable future.

To better understand which were the most often cited regulations, I decided to analyse last years’ 2023-2024 annual reports for the top 30 US and top 30 EU listed companies.

Undeniably, Data Privacy & Protection and Data Security laws were trusting the first spots.

As a result, I thought it would be relevant to explain what SAP is doing to help companies streamline their compliance on Data Privacy. Especially when it comes to the General Data Protection Regulation (GDPR) since regulatory breach here could end up with significant penalties: up to 20 million Euros or 4% of the worldwide turnover whichever is the highest… Paul McNulty’s quote on cost of non-compliance is definitely applicable here!

SAP Risk and Assurance Management for control and risk

Within the SAP Governance, Risk, and Compliance (GRC) portfolio, SAP Risk and Assurance Management is our cloud offering for risk and control management.

Covering the entire cycle from identifying and assessing risks, to documenting and linking relevant controls, automating them and remediating any issues, it enables companies to monitor and assess inconsistencies in processes, operating procedures, policies, etc.

But if software helps automate the process, one key requirement is to have the right controls documented to start with. And here, SAP has partnered with Europrivacy™/®.

Europrivacy: the official European Data Protection Seal for GDPR certification

Europrivacy is a certification scheme researched and developed through the European Research Programme to assess, document, certify and value compliance with the GDPR and complementary data protection regulations.

It is maintained by the European Centre for Certification and Privacy (ECCP) in Luxembourg under the supervision of an International Board of Experts in data protection.

Nevertheless, it is far more than a certification scheme. It provides a comprehensive set of online resources and services to effectively implement, enhance and demonstrate data protection compliance. It is supported by an ecosystem of qualified partners, the Europrivacy online Academy, the Community website, and online tools.

It presents numerous benefits and advantages. As a matter of fact, there are at least 10 (very good) reasons to embrace a Europrivacy certification:

1. Build trust and confidence with your partners, investors, and end-users
2. Identify and reduce legal, financial, and reputational risks
3. Check and demonstrate GDPR compliance
4. Develop a competitive advantage
5. Turn compliance into value and a source of revenue
6. Improve reputation and access to market
7. Facilitate data transfers (cross-border and processor)
8. Easily extend compliance to non-European Union jurisdictions and other EU regulations
9. Receive regulatory updates
10. Legally recognized by all European Union and European Economic Area Member States

As an official Europrivacy partner, SAP has developed a user-friendly solution that enables Applicants to prepare and document their compliance for the Europrivacy certification. SAP offers a solution to:

1. Review and document the compliance of your data processing;
2. Identify potential non conformity;
3. Inform you when you have reached the level of readiness to start the certification.

How does this work?

To benefit from this content, the process itself is rather simple and is summarized below:

1

In the existing tenant, authorized user can open the Manage Business Content Packages app and locate the Europrivacy content ready for installation.

2

Specify the target tenant where you want this content deployed to. Details here are available in the Process for Content Consumers page. Survey-type Manual Procedures will then be made available automatically in your SAP Risk and Assurance Management instance.

3

Once activated, assign the Manual Procedures to a Control, and then to a Work Package for it to be triggered

4

Lay back, track progress and monitor results in the Manual Procedures Overview App

Next-generation (Privacy) control & risk solution for the cloud

Combining best of both worlds: best in class GRC software with SAP Risk and Assurance Management and continuously monitored and updated requirements by an International Board of Experts from Europrivacy, companies can:

• Leverage one platform for many use cases across the enterprise – including Data Privacy of course but also Financial Compliance, Operational Efficiency, Tax Management and more
• Transform governance, risk, and compliance (GRC) from a cost factor (imposing task) to a strategic differentiator (business optimization)
• Integrate natively into S/4HANA Public Cloud, Private Cloud Edition, or on-premise as well to avoid data replication
• Align with regulatory changes and jurisprudences

Interested in learning more?

If you’d like to investigate further, I have added below a few links that I think will be helpful:

• Overview of SAP Risk and Assurance Management – including a short product video
• Europrivacy Resources, Tools and Trainings
• Design Manual Procedures in SAP Risk and Assurance Management
• Europrivacy LinkedIn account and Youtube channel

What about you, how does your company manage Data Privacy regulations? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard

*Europrivacy is a trademark registered in several jurisdictions