With regard to customer data privacy management, every organization should identify and control the statutory and regulatory requirements of the geographies it operates in. Some examples are FDA in the US, DPA in the UK and Consumer Protection Laws in Japan. In particular industries such as healthcare, removal of sensitive customer data could be one of the regulatory or statutory requirements that organizations need to adhere to when dealing with their customers' sensitive data.
Possible scenarios for data privacy management could be:
1. On customer request – The customer may request the organization to anonymise their personally identifiable information or remove it from the organizational database.
2. Organization decision – After a certain retention period, the organization may decide to remove the customer data from the system.
There are two ways of dealing with consumer data in SAP C4C:
1. Anonymising the customer data
2. Removing the customer data
Anonymising the consumer data: Anonymization is the process of turning personal data into anonymised information that does not identify an individual. Typically, this data includes first name, last name, phone number, email and address details. This can be achieved in SAP C4C by replacing the actual customer data with anonymous data such as XXXX, or by emptying the field.
Let us take an individual customer as an example.
Steps in C4C:
1. Log in to C4C in HTML5 mode
2. Search for the individual customers
3. Select the individual customer, replace the header data with XXXX for mandatory fields, empty all other data, and save.
4. Testing: Open the transactions for that consumer/individual customer and ensure that the personal data has been removed or changed accordingly.
Removing the customer data: SAP C4C provides standard functionality to remove customer data from the C4C system after the retention period expires. This retention period depends on the organization's policy or on the country's regulatory authority. This functionality enables organizations to control the data of their business partners, employees, individual customers and contacts.
Steps in C4C:
1. Log in to C4C in admin mode
2. Go to Personal Data Removal under Data Privacy Management work centre as shown below
3. Select the records that you want to delete > Select Remove Data > Confirm deletion in the pop-up
If the organization has a requirement to remove document data with expired retention periods, this can be done using Document Removal under Data Privacy Management, as shown below.
In the same way, access to the personal data of business partners (employees/customers/individual customers/contacts) can be handled by selecting Personal Data Disclosure under Data Privacy Management.