Skip to Content

        With regard to data privacy management of customers, each and every organization should identify and control the statutory and regulatory requirements of the geographies that they are operating in. Some of the examples are FDA in US, DPA in UK and Consumer Protection Laws in Japan. In particular industries like healthcare, sensitive customer data removal could be one of the regulatory or statutory compliance that the organizations needs to adhere while dealing with the sensitive data of their customers.

Possible scenarios for data privacy management could be

1. On customer request – Customer may request the organization to anonymise their personal identifiable information or remove from organizational database.

2. Organization Decision – After certain retention period, organizations may decide to remove the customer data from the system.

There are two ways of dealing with the consumer data in SAP C4C

1. Anonymising the customer data

2. Removing the customer data

Anonymising the consumer data: Anonymization is the process of turning personal data in to anonymised information which does not identify an individual. Typically this data includes first name, last name, phone number, email and address details. This could be achieved in SAP C4C by replacing the actual customer data with anonymous data like XXXX or empty.

Let us take individual customer as an example

Steps in C4C:

1. Login to C4C in HTML5 mode

2. Search for the individual customers

SCN1.JPG

3. Select the individual customers and replace the header data with XXXX for mandatory fields and empty all other data and Save.

scn2.JPG

4. Testing: Open the transactions for that consumer/individual customer and ensure that the personal data is removed/changed accordingly.

Removing the customer data: SAP C4C provides a standard functionality to remove customer data from C4C system post expiration of retention period. This retention period depends on the organization’s policy or as per the country’s regulatory authority. This functionality enables organizations to control their business partners, employees, individual customers and contacts data.

Steps in C4C:

1. Login to C4C in admin mode

2. Go to Personal Data Removal under Data Privacy Management work centre as shown below

scn3.JPG

3. Select the records that you want to delete > Select Remove Data> Confirm deletion in the pop up

scn4.JPGscn5.JPGscn6.JPGscn7.JPG

In case, if the organization has a requirement to remove documents data with expired retention periods, the same can be done using document removal under data privacy management as shown below.

scn8.JPG

Same way, we can also deal with the access of business partners (employees/customer/individual customers/contacts) personal data by selecting Personal data disclosure under data privacy management.

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Angelika Hendrick

    Hi Srinivasa, maybe you could clarify some point I have? Could you maybe advise when the retention period starts, i.e. is it on first contact of the customer as in the creation date in the C4C?  I can see that I can set months and years, but what is the criteria for inactivity to determine if a customer should be removed or not.  Does inactivity mean no activities at all (emails, meetings etc) for that period?  I am also not sure how to use the ‘Relative End Date’ of the retention period?  Is this used instead of months and years?

     

     

    (0) 

Leave a Reply