![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0037.png)
Organizational Resilience | BSI and Cranfield School of Management
39
SAP “has to look actively for disruptive events: what could happen, what could
endanger your business, the way you do business? Then you have to adapt.”
Despite a focus on internal processes, SAP also has to keep abreast of big changes,
which are often driven by customer demands, “we have to watch the customer
market, we have to watch what the customer needs, and then we have to react to
that.”
Another good example of changing early has been in relation to data protection
regulations. Specifically, SAP customers were becoming increasingly concerned
about the data protection policies in so-called ‘not secure countries’. In these
jurisdictions, SAP could rely on local law and legal requirements to ensure the
security of personal data. In response, SAP invested in building a specific European
support organization for its European customers who wanted to make sure that
their data didn’t leave European borders. They also redeveloped clauses with their
business partners in ‘not secure countries’ to ensure they did everything that is
required to protect the data. “We reacted much earlier than everybody else because
we were listening to our customers, we were observing the market and we were able
to proactively change the way we offered support to our customers.”
SAP is now ahead of the game with regards to the General Data Protection
Regulation of the EU, which will come into force in May 2018. The regulation
will require every company in Europe to have something like a data protection
management system: “Many of them follow what we had in the past, so it’s minor
changes for many of those requirements, but some of the requirements are pretty
new, and now we all have to come up with new ideas.”