12:30 - 13:00     Welcome   13:10 - 13:55     Terumo and Flexso will share insights on the successful implementation of SuccessFactors Compensation module. (By Flexso)   13:55 - 14:25     Roadmap Successfactors (machine learning, …). (By SAP)   14:25 - 14:55     Payroll in the Cloud - (By SAP)   14:55 - 15:20     Coffee break   15:20 - 16:10     GDPR - SD Worx and SAP will explain an approach for becoming compliant with GDPR in the domain of HR, (By SDWORX/SAP)   16:10 - 16:50     News from SAP (By SAP)   16:50 - 18:00     Network Drink   18/09/2018

Philip Trappeniers, Enterprise Architect SAP BeLux December 2017 General Data Protection Regulation Solutions for SAP HCM software Philip Trappeniers, Enterprise Architect SAP BeLux December 2017

Data processor responsibilities Common approach for all SAP Cloud offerings Official communication (GDPR - Getting ready for may 25) SAP Cloud Secure Documentation and ISO27001 certification document SAP’s Data Processing Agreement Initially based on the German Privacy law, which served as basis for GDPR Data Centers in Europe, EU Access Option Eg Data Encryption at rest and in motion

SAP solutions GDPR compliancy SAP’s products are designed to allow our customers to operate their systems in compliance with data protection laws and regulations. It is the Customers responsibility to comply with the pertinent laws within the legal jurisdictions in which they will carry on business operations with SAP’s products. In complying, Customers can use manual and / or computer processes.

Erasure of data Data Retention Management tool (DRM) New in Q4 Data retention time management allows to configure the retention time for different types of data, in different countries and for different user statuses, so that you can protect data from being purged during its retention time. Data deletion transactions (PU03) Data retention management using SAP Information Lifecycle Management

Consent Management Consent Management in E-Recruiting Future functionality more granular consent as well as consent for active employees E-Recruiting: data privacy statement in registration page

Access to information, data portability and rectification All personal data for a data subject is available for reporting and thus also for download. Access via Portal (e.g. SAP Cloud Platform), e.g. for former employees Rectifications via Self-Service New in Q4: The Data Subject Information Report enables you to compile a report containing all the personal information that is stored on a particular employee, so that you can provide this information to the employee upon request.

SAP Data Encryption by CipherCloud

Anonimisation Third party tools SAP Test Data Migration Server (TDMS) During transfer of data from prod to test In production (e.g. as alternative to deletion)

Read auditing and reporting on sensitive personal data Q1 / 2018 Read auditing and reporting on sensitive personal data Capturing access New suitewide solution is being built to capture read access for sensitive personal data (such as national ID, trade union membership) Solution will cover all channels, including UI, API, exports, and reporting Reporting on data access Self-service reporting Reporting on access to sensitive personal data of a specific data subject: A report will be provided on all access made to the sensitive personal data of a data subject Reporting on sensitive personal data access by an individual: A report will be provided on all the sensitive personal data viewed by a user

Change auditing and reporting on personal data changes Q1 / 2018 Change auditing and reporting on personal data changes Capturing changes Existing audit solutions will be enhanced to support the customer in capturing changes in personal data. All channels, including UI, APIs, and imports, are covered Changes to metadata framework (MDF) object definitions are covered as well Reporting on changes Self-service reportings Reporting on changes to personal data of a specific data subject: A report will be provided on changes made to a specific data subject Reporting on changes to personal data by a specific user: A report will be provided on changes to personal data made by a specific user Report on changes made to authorizations (RBP)

Data purge and blocking Q1 / 2018 Data purge and blocking Retention time configuration New retention time configuration will be available. The customer will be able to define retention times for purge objects definitions. Purge object definitions are a logical view on data that have to be purged together. Purge object definitions will be predelivered; retention times must be set up by the customer. Customer extensions can be covered via configuration as well Data retention management (DRM) purge tool Existing DRM solution will be revamped with new purge rules that can be used to schedule purge jobs on a regular basis. The new purge rules will consider the configured retention times and purge historical data accordingly Blocking Access to historical data still residing in the system because of configured retention times will be blocked based on permissions

Q2 / 2018 Privacy Center One stop shop for all Data Privacy and Protection tasks Enables features like Russia Data Privacy solution management, Change Auditing, Read Auditing, Information reporting

Thank you. Contact information: Philip Trappeniers SAP BeLux - Enterprise Architect Avenue des Olympiades 2 | B-1140 Brussels | Belgium M +32 (0)499 56 73 78 T +32 (0)2 674 65 55