Organisational Report

SAP “has to look actively for disruptive events: what could happen, what could endanger your business, the way you do business? Then you have to adapt.” Despite a focus on internal processes, SAP also has to keep abreast of big changes, which are often driven by customer demands, “we have to watch the customer market, we have to watch what the customer needs, and then we have to react to that.” Another good example of changing early has been in relation to data protection regulations. Specifically, SAP customers were becoming increasingly concerned about the data protection policies in so-called ‘not secure countries’. In these jurisdictions, SAP could rely on local law and legal requirements to ensure the security of personal data. In response, SAP invested in building a specific European support organization for its European customers who wanted to make sure that their data didn’t leave European borders. They also redeveloped clauses with their business partners in ‘not secure countries’ to ensure they did everything that is required to protect the data. “We reacted much earlier than everybody else because we were listening to our customers, we were observing the market and we were able to proactively change the way we offered support to our customers.” SAP is now ahead of the game with regards to the General Data Protection Regulation of the EU, which will come into force in May 2018. The regulation will require every company in Europe to have something like a data protection management system: “Many of them follow what we had in the past, so it’s minor changes for many of those requirements, but some of the requirements are pretty new, and now we all have to come up with new ideas.”

Organizational Resilience | BSI and Cranfield School of Management

39