Companies are serious about data strategy
A solid data strategy prevents compliance issues with software vendors
Compliance issues related to indirect usage hit the headlines over the last few months, due to the case of SAP v. Diageo. These problems can be avoided, by making contractual agreements with software vendors beforehand. This is closely linked to organizations’ data strategy.
Compliance issues related to indirect use can have huge financial implications for organizations. Earlier this year, a UK court made the British beverage supplier Diageo pay 60 million euros to SAP for indirect usage. Diageo gave users access to data in an SAP database via Salesforce, without any permission provided in SAP’s licensing conditions. Any IT person will tell you how vague these conditions can sometimes be. Although SAP now promises more clarity and transparency in their terms, in a previous blog, I recommended companies not to wait for SAP, but to take control themselves.
There is only one way to prevent such major back payments with full certainty: cover everything with SAP, in advance. Later on, you will always know exactly what you are entitled to do and there will be no surprises. However, making solid contractual agreements is easier said than done, because what exactly should you agree upon? You should know the added value of SAP to your organization and be able to look ahead a few years. And most importantly you need to know exactly what happens to your data. A discussion on indirect use is in fact always a conversation about data streams, data ownership and the right to edit data. Making the right decisions about indirect usage can therefore not be done without the organization's data strategy.
Over the last few years, data has become increasingly fluid within companies. Almost every organization uses various services from different vendors. Data going from one system to another. The unstoppable rise of cloud and related SaaS models have greatly contributed to this. This brings all kinds of strategic issues to organizations. Do I know where my data is? What do I do with my data? From whom is my data exactly? As more companies are heading towards a data-driven business model, these are vital questions from a privacy and data security perspective. Reasons enough: the lurking hackers, a new, stricter European privacy law and the penalties for a data breach speak for themselves (apart from the reputational damage). As a result, many companies are serious about their data strategy.
The advantages of such a data strategy go beyond preventing a data breach and being compliant with the law. It also helps to avoid compliance issues with software vendors. The indirect use case is a perfect example of this. If you have a clear idea of what you want to do with your data, it is easier to know what contractual agreements to make with SAP to prevent potential problems in the future. For example, you can already estimate that within three years, your employees will retrieve data from your SAP database, from multiple SaaS platforms – therefore, include a clause on this in the new contract. The result is that you are no longer dependent on SAP’s vague terms, but rather have concrete agreements (which you obviously will still need to discuss internally with all the technical stakeholders). In the short term, you may pay more, but in the long term, you make sure your decisions won’t become much more expensive. You can bet Diageo will take this approach moving forward.
This article is also published in Dutch on AG Connect.