Companies are serious about data strategy
A solid data strategy prevents compliance issues with software vendors
Compliance issues related to indirect usage hit the headlines over the last few months, due to the case of SAP v. Diageo. These problems can be avoided, by making contractual agreements with software vendors beforehand. This is closely linked to organizations’ data strategy.
Compliance issues related to indirect use can have huge financial implications for organizations. Earlier this year, a UK court made the British beverage supplier Diageo pay 60 million euros to SAP for indirect usage. Diageo gave users access to data in an SAP database via Salesforce, without any permission provided in SAP’s licensing conditions. Any IT person will tell you how vague these conditions can sometimes be. Although SAP now promises more clarity and transparency in their terms, in a previous blog, I recommended companies not to wait for SAP, but to take control themselves.
There is only one way to prevent such major back payments with full certainty: cover everything with SAP, in advance. Later on, you will always know exactly what you are entitled to do and there will be no surprises. However, making solid contractual agreements is easier said than done, because what exactly should you agree upon? You should know the added value of SAP to your organization and be able to look ahead a few years. And most importantly you need to know exactly what happens to your data. A discussion on indirect use is in fact always a conversation about data streams, data ownership and the right to edit data. Making the right decisions about indirect usage can therefore not be done without the organization’s data strategy.
Over the last few years, data has become increasingly fluid within companies. Almost every organization uses various services from different vendors. Data going from one system to another. The unstoppable rise of cloud and related SaaS models have greatly contributed to this. This brings all kinds of strategic issues to organizations. Do I know where my data is? What do I do with my data? From whom is my data exactly? As more companies are heading towards a data-driven business model, these are vital questions from a privacy and data security perspective. Reasons enough: the lurking hackers, a new, stricter European privacy law and the penalties for a data breach speak for themselves (apart from the reputational damage). As a result, many companies are serious about their data strategy.
The advantages of such a data strategy go beyond preventing a data breach and being compliant with the law. It also helps to avoid compliance issues with software vendors. The indirect use case is a perfect example of this. If you have a clear idea of what you want to do with your data, it is easier to know what contractual agreements to make with SAP to prevent potential problems in the future. For example, you can already estimate that within three years, your employees will retrieve data from your SAP database, from multiple SaaS platforms – therefore, include a clause on this in the new contract. The result is that you are no longer dependent on SAP’s vague terms, but rather have concrete agreements (which you obviously will still need to discuss internally with all the technical stakeholders). In the short term, you may pay more, but in the long term, you make sure your decisions won’t become much more expensive. You can bet Diageo will take this approach moving forward.
This article is also published in Dutch on AG Connect.
This article was published on 20-07-2017
Mark co-founded B-lay in 2008 and is the company’s managing director since then. Additionally, to his managerial role, Mark is using the extensive software compliance knowledge he gathered since 1997 to help organizations worldwide get insight into the risks associated with using and managing their software licenses, as well as preventing compliance issues and save costs. This is also strongly visible in the Zyncc product line of B-lay. Prior to founding B-lay, he was responsible for all compliance activities in Europe, Middle East and Africa at Oracle. This included building the foundation for what now is the global Oracle License Management Services (LMS) team and onboarding the many acquisitions Oracle made over the years into the compliance program of Oracle.
Mark holds a bachelor’s degree in Company Economics and IT from Hogeschool Enschede in the Netherlands.