Where’s all the HR data in your organization?

There is a lot of discussion about privacy and data protection these days because of all the data leaks and breaches we read about in the newspaper. HR data is especially sensitive in this respect and needs to be protected. The SAP HR system offers very good authorization tools (structural authorizations, context-sensitive authorizations).

But one thing astonishes me again and again: when we implement a new SAP HR system, there are always numerous existing interfaces between the old HR system(s) and many other systems. And guess what: at the beginning we always discuss data protection for the HR system, but nobody cares how the HR data you transfer to the other systems is protected. Do not get me wrong: I do not want to imply that the data is per se more secure when it is stored on the SAP HR system, and I know that HR data is needed in other systems for business purposes – e.g. for production planning. But nobody can release you from your liability as the owner of the HR data. And when HR data is lost from a system outside SAP HR, nobody will care whether you have done everything right. The reputation of the HR department will be damaged.

Therefore I always follow some simple steps in order to ensure an organization-wide protection of the HR data:

  1. New approach: I know that you are always under pressure to implement an HR solution as quickly as possible and that you will see the points below as an unnecessary burden. But just think of the cost to your company when a headhunter can get HR data out of a partner system and hire your top employees. Therefore the first step must be that you see this area as part of your responsibilities.
  2. Create a data map: Before discussing all the technical details of the outbound interfaces from the SAP HR system, create a map of all the partner systems and all the data that is distributed to them.
  3. Questions: For every interface, discuss whether the distribution of the data is really necessary and whether some data elements can be excluded from the distribution.
  4. Service Level Agreements: Include a security chapter in the service level agreement. It should describe how the HR data is protected within the partner system and who can access this data.
  5. Approval: Present your findings and results to the project steering committee so that all decision makers are aware of these challenges, and clearly articulate the challenges if you were not successful with steps 3-4 for a partner system.
  6. Hub concept: From a technical point of view, you can support this approach by establishing SAP PI as the single point of distribution to the other systems, so that you have one place to monitor all the data exchanges.
2 Comments
  • Hi Bernhard,
    Great article. I would have to agree with you that protecting HR data across the entire system landscape is critical and does sometimes get overlooked when implementing new HR systems. Taking the time to understand SAP HR data movement using a data map is a good idea, and performing reviews ensures that only pertinent data is being sent, and in a secure fashion. I have often found as well that having clear documentation about the meaning of each HR data element, in the form of HR Data Standards, is also a helpful step in the overall process. Especially when multiple systems are using and reporting on HR data for business purposes.
    • Hi Nicola,

      thanks for your kind feedback and especially thanks for the remark.
      You are right, it is sometimes difficult for the owner of the partner systems to understand the HR data structure.

      Best regards,
      Bernhard