Information lifecycle management introduces new dimension of data privacy in Cloud ERP

With the new 1911 release of SAP Business ByDesign Cloud ERP we introduce a new dimension to manage data privacy and the lifecycle of all data in your ERP system. With 1911 administrators and data privacy officers are able to use e.g. KPIs to see which data is still needed, for what reason and by when it might be deleted or if it is deleted already.

This allows a powerful lifecycle transparency for all data in the system. With the new ByD information lifecycle management work center and it’s configuration you can:

• Analyze total data volume
• Configure and analyze retention status of documents including process retention
• Identify and display process dependencies and relations of documents
• Disclose for what reason and for how long data needs to be retained in the system
• Monitor how many documents can be deleted or have been deleted already

With 1911 we recommend to use only the new information lifecycle management work center and it’s configuration and to retire the old data protection and privacy work center.

To move to the new information lifecycle based data privacy management you need to do the following:

1. Business Configuration: Activate scoping element “Information Lifecycle Management”
2. Business Configuration: Double check that you have activated the scoping question “Read Access Logging” under Security/System Management (this is unchanged but has been moved to the ILM work center)
   
3. Business Configuration: Configure the new retention periods for business documents
4. Assign information lifecycle management work center to the administrator or data privacy officer
   
5. Double check that you have activated the read access log field groups (this is unchanged but has been moved to the ILM work center)
6. Activate the document lifecycle KPIs for the data privacy officer or other users
7. Here you can find detailed configuration with screenshots

In addition to using the information lifecycle for data privacy it is possible to use it also to fuel machine learning with valid data from your Cloud ERP. For instance data scientists and administrators are able to ensure that only current and ready to use data is consumed for machine learning and to rule-out data that should not be used anymore. Here you find a demo:

1. Central Information Lifecycle Work Center

As you have seen in the demo the data privacy expert can use the information lifecycle work center to easily find employees, service agents (i.e. external employees) or private accounts (1), disclose all data (3), block data for usage or trigger the deletion (4b).

Additionally he can generate a summary and detail list for master and transaction data which is stored for a natural person in the system as you can see in the screenshots below.

2. Configuration of retention and residence periods

In the information lifecycle configuration you can define retention periods for all your data in the various business areas and countries. By this you can control that data cannot be deleted as long the retention periods for documents or process chains are over. Administrators or data privacy officers can:

1. Configure retention periods for business documents per document group and company
2. Group documents which have the same periods
3. Configure company independent or dependent data
4. Define periods after which
   • data cannot be changed (=residence period – 4a)
   • Ÿdata is beyond purpose and can be deleted (=retention period – 4b)
5. Create own configuration groups (5a) and move retention rules between the groups (5b).

Here you can find detailed configuration with screenshots

3. Block usage of data for new business

Besides disclosing and deleting natural persons data it is also possible to manually or automatically block it for usage in new business processes. This capability has been moved from the old data privacy and protection work center. So if you have been using this in the past there is no need to change anything.

4. Read access logging of sensitive data and change logs

Data privacy experts can configure which predefined business partner attributes are to be treated as special category of data and activate read access logging for sensitive data of natural persons. This capability has been moved from the old data privacy and protection work center. So if you have been using this in the past there is no need to change anything.

5. Marketing permissions

Sales and marketing employees can mark contacts and private accounts to be excluded, included or checked before executing outbound marketing campaigns. This capability has been not been changed in 1911. So if you have been using this in the past there is no need to change anything.

Here you can find more details about data privacy in SAP Business ByDesign.

More about all SAP Cloud ERP solutions can be found here.

Disclaimer

The information provided in this blog should not be considered as legal advice or replace legal counsel for your specific needs. Readers are cautioned not to place undue reliance on these statements and they should not be relied upon in making purchasing decisions or for achieving compliance to legal regulations.