How to protect personal data?
Many of you asked us how to use SAP Financial Consolidation’s GDPR features, hence the following FAQ 🙂
What is GDPR?
The European Union released the General Data Protection Regulation (GDPR) to reflect the rising importance of the right of the individual when processing their data in today’s economy through increased obligations to entities processing personal data with powerful enforcements.
What is SAP data protection policy?
To comply with applicable data protection and privacy laws, SAP adopted a global policy that outlines a standard for handling personal data. Read the SAP global data protection and privacy policy.
Is SAP Financial Consolidation GDPR compliant?
Yes. The software is GDPR compliant since November 2017, with release 10.1 SP06.
What does GDPR implies in SAP Financial Consolidation?
We’ve developed a new set of new protection of personal data features and an enriched our product documentation. Our development is done following the BS 10012 Personal Information Management System standards from the British Standards Institution. View the BS 10012 Certificate.
What is the definition of personal data in SAP Financial Consolidation?
In our software, personal data includes the following information relates to a user: user code, user short description in all languages, user long description in all languages, user's email address, user's login and user's alias. Please note that the comment attached to a user is not considered as personal data.
Can I display my personal data?
Yes. Personal data can be displayed in all SAP Financial Consolidation clients.
In the HTML5 web, go to User / Personal information (see screenshot below).
In the legacy web, go to Preferences / Personal information.
In the Windows client, go to Tools / Personal information.
In Cube Designer, go to Tools / Personal information.
In the Excel Link, go to Add-ins menu / Financial Consolidation / Personal Information.
How can I log changes made to personal data?
You can activate the personal data change log from our Windows client:
1) Go to General Options / Trace Reports tab and click Enable the Trace Report
2) Then click Select modules / Administration / Security - user information
How can I display changes of personal data?
From our Windows client, go to File / Display Trace Reports. The Trace reports show the original personal data (old value) and the changes made (new value).
Can I display the changes of personal data either for all users, or for one user only?
Yes. With the Trace reports, you can either display updates for all users, or view the updates of one selected user.
Can I export the personal data log of changes for audit purposes?
Yes. From our Windows client, go to File / Export Trace Reports.
Does the software provides personal data portability?
Yes, the User Import Export Tool allows you to export users and all user-related objects between SAP Financial Consolidation and different types of flat files.
Can I block / unblock a user?
Yes, when a person changes role or leaves your company, you can block her/his user. In the Windows client:
1) Go to Security / Users
2) Select the user(s)
3) Right click on these users / select Block or Unblock user
The Block/Unblock feature is based on the previous Active/Inactive feature.
What happens when a user is blocked?
The blocked user:
• Cannot log in the software
• Is in read-only and cannot be updated
• Cannot be imported - yet, it's possible to create a blocked user
• Cannot be exported
• Does not appear in the UI, i.e. the user is invisible to others
• Can only be seen by administrators and users whith the proper authorization - see "Who can block / unblock users?"
• Does not appear in the security audit screens
• Cannot be processed
• The blocked user code cannot be used - it’s not possible to assign a blocked user to a workflow process in the Reporting Unit Manager the previous Active/Inactive feature.
Who can block / unblock users?
You can define super user(s) and grant them with the proper authorization to block or unblock users. These users will be the only ones to be able to see blocked users. In the Windows client:
1) Open the Security Audit module
2) Select the user(s)
3) In the Functional Rights tab, go to Administration / Access the security module / Manage a user / Block user, Unblock user
Can I delete personal data?
Yes, when all applicable retention periods have expired, blocked users’ personal data can be deleted. In the Windows client:
1) Go to Security / Users
2) Select the user(s)
3) Right-click on these users / select Delete Personal Information
Who can delete personal data?
You can define super user(s) and grant them with the proper authorization to delete personal data. In the Windows client:
1) Open the Security Audit module
2) Select the user(s)
3) In the Functional Rights tab, go to Administration / Access the security module / Manage a user / Delete personal information
When personal data is deleted, is the user deleted too?
No. Personal data is deleted but the user is anonymized. The user code will start with the letter Z and the 11 following letters are random and unique. Non personal data of the user remains unchanged, as well as the user's technical ID.
What happens in the Trace Report when a user is deleted?
There are 2 use cases.
1) All updates that has been made on a deleted user are deleted. For example, the user "John" has been deleted: all updates made on this user (e.g. change of description) are deleted.
2) To comply with the Sarbanes-Oxley act, updates that have been made by a deleted user are kept. For example, if "John" has modified a report, the Trace Report information is kept with his user name "John".
What happens in the technical logs when a user is deleted?
There's no automatic deletion nor anonymization of the technical logs. The deletion of these logs should be done manually.
Where can I find more information?
Read our Security Guide.
Search our Knowledge Base.
- SAP Managed Tags:
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
