Data Protection and Privacy – Q1 2018 updates
We live in a world of ever-increasing threats to data security and fast-evolving international requirements for data protection and privacy. At times like this it’s important to have a trusted partner like SAP on your side. SAP has over 40 years of leadership in data protection and privacy, providing best practices and guidance to enable customers to comply with regulations worldwide.
The SAP SuccessFactors Q1 2018 release includes a number of new and enhanced features to help you comply with data privacy and protection regulations. Securing data and protecting individuals’ personal information should not be seen as a burden by organizations, but rather as an opportunity to earn and sustain customer and employee trust, increase stakeholder engagement and protect your business. The Q1 release includes features that allow you to classify data elements as personal data, restrict access to personal data, define data retention and purge rules, permanently purge data from your system, produce reports showing personal data of individuals across the SAP SuccessFactors HCM Suite, as well as other features.
Now let’s look at a couple of these features in more detail.
Data Retention and Purge
Data storage has become quite inexpensive in the past several years which has led to organizations storing more data for longer periods of time – it’s easy to do and not that expensive to manage. However, this practice increases a company’s risk of data breaches. It therefore makes good business sense to purge (or permanently delete) data once there is no longer a business reason for keeping it. Purging data is also a requirement of some data protection and privacy laws.
Determining how long to keep data can be complex and is influenced by a wide range of factors, such as regulatory requirements in different locations, business needs, involvement in litigation, etc. We are therefore offering a central location to configure country-specific retention times across all SAP SuccessFactors solutions. You can limit who has authorization to create purge requests and enforce approvals prior to the data actually being deleted.
Figure 1: Defining country-specific data retention rules
Data Subject Information Report
Companies store all kinds of personal data on their employees, from basic information like name and address to more potential sensitive information such as marital status and the results of performance reviews. Employees and former employees have the right to know exactly what personal information has been stored and for what purpose.
In order to be compliant with data protection and privacy laws, you need to be able to respond if someone makes such a request. You can use the Data Subject Information tool to compile a report containing all the personal information that is stored on that person, and can then provide the report in PDF or CSV format.
Figure 2: Search for data subject
Figure 3: Sample Data Subject Information report output in CSV format.
As a general principle, you should only store historical personal data in your system for the legally required retention time. And as long as this personal data is being stored, it is important to ensure that it is only ever accessible by authorized users. As of the Q1 2018 release, you can control exactly how long individual roles will be able to access historical personal data, based on their role-based permissions.
SAP SuccessFactors values data protection as essential and is fully committed to helping customers comply with applicable regulations – including the requirements imposed by the General Data Protection Regulation (GDPR).
By delivering features and functionalities that are designed to strengthen data protection and security, such as those in this release, customers get valuable support in their compliance efforts. However, it remains each customer’s responsibility to evaluate legal requirements and to implement, configure and use the features provided by SAP SuccessFactors in compliance with all applicable regulations.
Customers and partners are invited to visit the SuccessFactors Customer Community Data Protection and Privacy forum to join the discussion with peers and product specialists around SAP SuccessFactors data protection and privacy features.
Learn about the other new features and enhancements to the SAP SuccessFactors HCM Suite in our Q1 2018 Release Highlights document and hear from our Head of Product Amy Wilson in our release highlights video on YouTube.