Those of us based in the EU will know all too well about the forthcoming into force of General Data Protection Regulations (GDPR / RGPD / DS-GVO in English / French / German) and the none-too-clear associated national legislation. These consolidate existing privacy and data protection legislation and introduce new duties for holders of personal data, which is now very loosely defined, together with crippling penalties for non-compliance.

Un-surprisingly customers are now asking for assurances about the treatment of any data submitted in technical support cases. Despite a colleague of mine spending a significant part of the last month being passed from pillar-to-post around SAP (and back round again!) we have been unable to get any statement or policy document that explains this.

Such a policy must exist (by law, for organisations operating in the EU) - but who should we ask for it? No-one seems to know.

In a wider question, should SQLA support consider using more remote diagnostic tools so that potentially sensitive databases don't have to be actually sent to them?