Data protection and privacy
Data protection and privacy
We respect each individual’s privacy. Our policies and data processing agreements help us abide by relevant laws worldwide.
Our commitment to data protection and privacy
We monitor the global regulatory landscape to implement safeguards to protect the fundamental rights of anyone whose data is processed by SAP, including customers, suppliers, partners, prospects, employees, and applicants.
Data protection and privacy by design
SAP is continuously focused on improving its product development standards. We embed data protection and privacy features by design and default in our products and services.
Artificial intelligence (AI) at SAP
Our use of AI and its development occurs within the boundaries of SAP’s global AI ethics policy and applicable laws.
Data protection management system (DPMS)
SAP has implemented a DPMS with respect to its internal data protection and privacy controls in accordance with internally recognized industry standards.
General Data Protection Regulation (GDPR)
In Europe, an individual’s right to data privacy is a human right. As a German-based company, SAP has a long-standing commitment to these data privacy and protection principles.
Global data protection and privacy compliance
Find out how SAP monitors and stays compliant with the always evolving global data protection and privacy requirements applicable to SAP's products and services.
Data processing at SAP
SAP protects the rights of individuals whose data we process. We strive to continuously strengthen our reputation as a trusted and reliable business partner in the market.
Data protection and privacy certifications
SAP has a wide range of third-party audit reports, certifications, and attestations to demonstrate our compliance obligations with data protection and privacy requirements.
Audit reports and certifications
SAP maintains multiple industry-standard third-party certifications and audit reports in support of the TOMs described in our DPAs.
Industry-specific attestations
SAP has a variety of sector-specific attestations and authorizations for certain products and services to meet the needs of customers in various industries including FedRAMP and PCI DSS.
EU Cloud CoC reports
SAP has sought a "Declaration of Adherence" to the EU Cloud CoC for certain cloud services to demonstrate GDPR compliance in the SAP product and services portfolio.
Data protection management system (DPMS)
SAP has implemented a DPMS with respect to its internal data protection and privacy controls in accordance with internationally recognized industry standards.
Additional access to support documents
Available for SAP customers and partners with a valid SAP user ID.
DPA amendment signature self-service
SAP customers located in the EU/EEA have the option to sign a DPA amendment that includes the EU SCCs (Standard Contractual Clauses). It is available in several languages for SAP customers with a valid SAP user ID. SAP customers located in the UK have the additional option to sign a DPA amendment that includes the international data transfer addendum to the EU SCCs for international data transfers (the “UK IDTA”). It is available in English for SAP UK customers with a valid SAP user ID. More information about this service can be found in the FAQ document.
Disclaimer: Please note that the pre-signed DPA amendments are available only for the respective customers located in the EU/EEA or in the UK. The provided DPA amendment must be signed by a person who is authorized to sign it.