Organizational Resilience | BSI and Cranfield School of Management

39

SAP “has to look actively for disruptive events: what could happen, what could

endanger your business, the way you do business? Then you have to adapt.”

Despite a focus on internal processes, SAP also has to keep abreast of big changes,

which are often driven by customer demands, “we have to watch the customer

market, we have to watch what the customer needs, and then we have to react to

that.”

Another good example of changing early has been in relation to data protection

regulations. Specifically, SAP customers were becoming increasingly concerned

about the data protection policies in so-called ‘not secure countries’. In these

jurisdictions, SAP could rely on local law and legal requirements to ensure the

security of personal data. In response, SAP invested in building a specific European

support organization for its European customers who wanted to make sure that

their data didn’t leave European borders. They also redeveloped clauses with their

business partners in ‘not secure countries’ to ensure they did everything that is

required to protect the data. “We reacted much earlier than everybody else because

we were listening to our customers, we were observing the market and we were able

to proactively change the way we offered support to our customers.”

SAP is now ahead of the game with regards to the General Data Protection

Regulation of the EU, which will come into force in May 2018. The regulation

will require every company in Europe to have something like a data protection

management system: “Many of them follow what we had in the past, so it’s minor

changes for many of those requirements, but some of the requirements are pretty

new, and now we all have to come up with new ideas.”