Skip to Content

Many organizations are concerned about how the European data
privacy regulation known as GDPR or EU-DSGVO might impact
their day-to-day business especially if they are using cloud business

See the video below to get in two minutes an idea on what GDPR is
and what you need to consider for your business latest until
May 25th 2018
(more links can be found below):

The powerful capabilities which SAP’s Cloud ERP Business ByDesign provides already since a couple of releases will help you to execute the GDPR related data privacy policies your organization might setup. With ByDesign your data privacy officers will be enabled to:

  1. Ensure that user authorization allows access to data only to users which need the data for business processes
  2. Configure minimal retention periods for key business documents in order to block deletion if they are still needed e.g. for accounting.
  3. Access and analyze change logs for data especially for accounts, contacts and employees.
  4. Most important: Centrally work on data privacy requests with a dedicated data privacy work center which provides an overview on the data stored about natural persons (e.g. employee, private account) and the deletion of personal data across business scenarios and documents.
  5. Build custom add-ons using PDI which flag usage of personal data to make it available for central disclosure or deletion


The demo video below gives you an impression on how this works in our 1708 release:

As you have seen in the demo the data privacy expert can use the data privacy work center to easily find employees, service agents (i.e. external employees) or private accounts (1) and to trigger the deletion (3). Additionally he can generate a synopsis for master and transactional data which is stored for a natural person in the system (2) as you can see in the screenshots below.

Data disclosure and deletion of personal data coming from custom add-ons is also supported by using the cloud application development studio (PDI). With 1711 customers and partners are enabled to identify all the personal data stored in add-on BO’s using ABSL coding and to include it for disclosure, anonymization or deletion. Here you find a good tutorial on how this works.

Furthermore you can define in the business configuration the data retention periods for multiple business areas and countries which control that data cannot be deleted within the minimal retention period.

Administrators, sales and marketing employees can according to their authorization access change logs:

  1. See changes per date and user
  2. See changed attribute with old / new value and modification type
  3. Export changes

Finally ByDesign does not only control what happens inside the system but also how data is being consumed in external applications with the standard web-services and interfaces.

  1. Communication scenarios and arrangements allow to control external access (via the Application and User Management work center).
  2. Valid certificates are required to allow access ByDesign Web services.
  3. Communication Monitoring for e.g. failed web service calls. Customers still need to assess which integration scenarios are exposed to whom.

Here you get general overview material on GDPR, the SAP GDPR policies and especially the SAP data center data privacy measures and it’s certifications which are continuously being audited:


The information provided in this blog should not be considered as legal advice or replace legal counsel for your specific needs.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

    1. Jan Matthes Post author

      Hi Krish, my pleasure ;o)

      Byd and C4C use the sam platform and we have jointly developed some of the capabilities. I do not know what of this is available in detail but the general features are the same.






Leave a Reply