Skip to Content

We live in a world of ever-increasing threats to data security and fast-evolving international requirements for data protection and privacy. At times like this it’s important to have a trusted partner like SAP on your side. SAP has over 40 years of leadership in data protection and privacy, providing best practices and guidance to enable customers to comply with regulations worldwide.

The SAP SuccessFactors Q1 2018 release includes a number of new and enhanced features to help you comply with data privacy and protection regulations. Securing data and protecting individuals’ personal information should not be seen as a burden by organizations, but rather as an opportunity to earn and sustain customer and employee trust, increase stakeholder engagement and protect your business. The Q1 release includes features that allow you to classify data elements as personal data, restrict access to personal data, define data retention and purge rules, permanently purge data from your system, produce reports showing personal data of individuals across the SAP SuccessFactors HCM Suite, as well as other features.

Now let’s look at a couple of these features in more detail.

Data Retention and Purge

Data storage has become quite inexpensive in the past several years which has led to organizations storing more data for longer periods of time – it’s easy to do and not that expensive to manage. However, this practice increases a company’s risk of data breaches. It therefore makes good business sense to purge (or permanently delete) data once there is no longer a business reason for keeping it. Purging data is also a requirement of some data protection and privacy laws.

Determining how long to keep data can be complex and is influenced by a wide range of factors, such as regulatory requirements in different locations, business needs, involvement in litigation, etc. We are therefore offering a central location to configure country-specific retention times across all SAP SuccessFactors solutions. You can limit who has authorization to create purge requests and enforce approvals prior to the data actually being deleted.

Figure 1: Defining country-specific data retention rules 

Data Subject Information Report

Companies store all kinds of personal data on their employees, from basic information like name and address to more potential sensitive information such as marital status and the results of performance reviews. Employees and former employees have the right to know exactly what personal information has been stored and for what purpose.

In order to be compliant with data protection and privacy laws, you need to be able to respond if someone makes such a request. You can use the Data Subject Information tool to compile a report containing all the personal information that is stored on that person, and can then provide the report in PDF or CSV format.

Figure 2: Search for data subject

Figure 3: Sample Data Subject Information report output in CSV format.

Data blocking 

As a general principle, you should only store historical personal data in your system for the legally required retention time. And as long as this personal data is being stored, it is important to ensure that it is only ever accessible by authorized users. As of the Q1 2018 release, you can control exactly how long individual roles will be able to access historical personal data, based on their role-based permissions.

Conclusion

SAP SuccessFactors values data protection as essential and is fully committed to helping customers comply with applicable regulations – including the requirements imposed by the General Data Protection Regulation (GDPR).

By delivering features and functionalities that are designed to strengthen data protection and security, such as those in this release, customers get valuable support in their compliance efforts. However, it remains each customer’s responsibility to evaluate legal requirements and to implement, configure and use the features provided by SAP SuccessFactors in compliance with all applicable regulations.

Customers and partners are invited to visit the SuccessFactors Customer Community Data Protection and Privacy forum to join the discussion with peers and product specialists around SAP SuccessFactors data protection and privacy features.

Learn about the other new features and enhancements to the SAP SuccessFactors HCM Suite in our Q1 2018 Release Highlights document and hear from our Head of Product Amy Wilson in our release highlights video on YouTube.

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Marcus Bonrat

    Hi Kim,

    Thank you for sharing. My organisation has employees from all over the world. Can you help me understand these :

    1. The functionalities you described above such as data retention, blocking, purging, classification, reporting etc. are meant for non-EU employees only ? As for EU employees, there are separate functionalities and configurations that SF delivers to meet GDPR ?
    2. In short, are there different (separate) configuration options and functionalities to meet data protection and privacy requirements within SF for EU and non-EU employees ? Or how are the various configuration options delivered within SF on data protection and privacy work holistically for the various world-wide employees ?

    Thank you and regards,

    Marcus

     

    (0) 
    1. Kim Lessley Post author

      Hi Marcus,

      The features described in my blog can be used for meeting data privacy regulations around the world (i.e. they are not specific to the GDPR). Data retention rules can be defined on a country by country basis whereas other features, like data blocking and reporting would apply globally. Please refer to the documentation Setting Up and Using Data Protection and Privacy Features for more details.

      Cheers, Kim

       

      (0) 
  2. Erik Ebert

    Hi Kim

    Nice article and thank you for writing it.

    If a client does not have EC but talent modules and wants to utilise DRTM, how does the new data retemtion tool know which country a user  is assigned to. Is it the COUNRY field in Employee Profile that needs to have a ISO code in it, eg. DEU or USA ?

    Thanks,

    Erik Ebert

     

    (0) 
  3. Arthur Parisius

    Hi Kim,

     

    Nice article but I am wondering if you might also know where I could get the information about what changes need to be done on the SAP side of things. From what I can see this looks more focused on the SuccesFactors side. I’m asking because I’m having an issue with the interface between SAP and SuccesFactors that synchronizes the employee data. From what I’ve understood an extra field CompanyExitDate has been added but when I check on the SAP side I don’t see the field as added.

    I’ve been trying to search for data on what needs to be done on the SAP side but had no succes. I’m hoping you might be able to point me in the right direction.

     

    Thanks in advance,

    Arthur Parisius

     

    (0) 

Leave a Reply