The document outlines the SAP Hybris Commerce solution's features in relation to the GDPR, which takes effect on May 25, 2018, and mandates penalties for non-compliance. Key features include consent management, personal data reporting, customer account closure, and data retention/erasure capabilities. The presentation emphasizes the importance of customer control over personal data and the need for transparency and trust in data management practices.

1. PUBLIC
Mathew Forsyth, SAP
October18,2017
Address GDPR Mandates
with SAP Hybris Commerce

2. 2PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Agenda
GDPR Overview
GDPR features of the SAP Hybris Commerce solution
§ Consent Management
§ Personal Data Reporting
§ Customer Account Closure
Demonstration
Q&A
§ Data Retention/Erasure
§ Annotation Framework

3. 3PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Overview
Why?
Penalties up to 4% of annual global revenue or €20
million.
European Union regulations designed to give individuals
control and protection over their personal data.What?
When? The General Data Protection Regulation
(GDPR) takes effect on May 25, 2018.

4. 4PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
“Personal information has become
currency, so enterprises must
deliver value in exchange for it, and
build trust that it won’t be
compromised.”
GDPR Overview

5. 5PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Allows customers to self-manage
their consents from opting in or out,
and updating consents.
Provides customers with more and
clearer information about the
intended use of their personal data.
Configurable consenttemplates
out-of-the-box for rapid extensibility
and deployment
1. Anonymous user Consent Management
2. Registered customer Consent Management
GDPR Feature | Consent Management

6. 6PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Registered customers
manage consents from
a new Consent
Management page.
3
Integration interface
for easy integration with
other systems.
Anonymous user
consent is captured
on website entry.
1
Registered customer
consent is captured
during standard website
user flows.
2
GDPR Feature | Consent Management / User Flow

7. 7PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Consent Management / Anonymous

8. 8PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Consent Management / Registered

9. 9PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Consent Management / Update

10. 10PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Personal Data Reporting
Allows customers to request
reports delivered through
standard customer support
channels.
Reports provide transparencyto
customers about what information
is held about them.
Configurable report templates
out-of-the-box for rapid
extensibility and deployment
X1. Customer report request
2. Customer support agent report generation
and delivery

11. 11PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Reports are configurable
so that more or less data
is provided.
Customer support
agent delivers report
using back-office tools.
3
Customer requests a
report using a customer
support channel.
1
Customer support
agent generates report
using back-office tools.
2
GDPR Feature | Personal Data Reporting / User Flow

12. 12PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Personal Data Reporting / Report Generation

13. 13PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Personal Data Reporting / Report Download

14. 14PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Personal Data Reporting / Report Template

15. 15PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Allows customers to close their
accounts through self-service
and have their data removed.
Depends on retention/erasure
framework to ensure a customer’s
data is kept if needed.
Configurable retention/erasure
templates out-of-the-box for rapid
extensibility and deployment.
1. Manual customer account closure
2. Automated data erasure based on retention
periods
GDPR Feature | Customer Account Closure

16. 16PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Customer closes their
account within the My
Account area.
1
Integration interface to
enable easy integration
with other systems.
Data is physically
deleted once retention
periods expire.
3
Certain data is retained
based on legally defined
retention periods.
2
GDPR Feature | Customer Account Closure / User Flow

17. 17PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
GDPR Feature | Customer Account Closure / My Account

18. 18PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Demonstration
1. Consent Management
2. Personal Data Reporting
3. Customer Account Closure
4. Data Erasure/Retention & Annotation frameworks

19. 19PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Technical Track | Consent Management
Yi Ji: Demonstrating how to use and extend
consent management on your storefront.
Technology Enablement Sessions
1. Thu 11:15–12:15 p.m.
2. Thu 15:00–16:00
• ID 52773

20. 20PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Q&A

21. Thank you.
Contact information:
Mathew Forsyth
Senior Product Manager
SAP Hybris
Munich, Germany
+49 172 574 2296

22. 23PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Q&A | Personal Data Annotation Framework
EXTERNAL
Personal Data
Item Type
Attributes XML
Config File