Configure information lifecycle for data privacy m...
Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
With 1911 release of SAP Business ByDesign Cloud ERP we introduce a new dimension to manage data privacy and the lifecycle of all data in your ERP system. To configure the information lifecycle based data privacy management you need to do the following:
3. Configure retention periods for business documents
Retention period configuration can be done with the following steps:
Go to overview in business configuration work center
Search for “retention periods” and open the configuration
Open the pre-defined retention groups and the assigned rules, set the periods for residence and retention
Consider to create custom groups and to move rules into the new group
Consider to create specific retention periods for certain companies
4. Assign ILM Work Center to the DPO
To give the data privacy officer access to the ILM work center do the following:
Go to Access and User Management work center and select the data privacy user
Select the Information Lifecycle Management entry
Activate all views
Save and log-on with the DPO user
5. Activate Read Access Log Field Groups
Logon as DPO:
Go to Information Lifecycle Management work center
Go to Read Access Field Group Configuration
Activate the needed fields and generate the configuration
6. Activate Document Lifecycle KPIs for DPO
Logon as DPO or any other user which shall get access to the figures:
Go to My Launchpad
Go to personalization
Open KPI and select the document volume related KPI
7. Personal data disclosure configuration
ByDesign offers multiple layers to configure which data shall be disclosed to natural persons and which not. In a nutshell SAP Business ByDesign enables you to:
Disclose all data which has been stored about natural persons
Use multiple levels of granularity and details for data disclosure
Configure which data shall be exposed to the natural person and which not.
The following demo shows how to do this:
Personal data disclosure overview:
Personal data disclosure details (including configuration of default view):
8. Frequently Asked Questions for Information Lifecycle Management
What is the difference between residence and retention period?
The residence period determines by when documents get set to read-only. The retention period determines for how long the data needs to stay in the system. That means only after retention period is over data might be deleted.
What is process retention status and how does it influence for how long a document needs to stay in the system?
Documents which are part of a process chain might still be needed to finish the process. Resulting from this the document retention for a document might be already over but it still cannot be deleted as the process retention is not yet over. The process retention is determined by the last document in the process chain.
Which documents are considered in the analysis run?
The analysis run only considers the documents created until the day before it is executed. Of course documents which are created at the same day will be considered in the next analysis run automatically. In general the analysis run should be scheduled in a meaningful periodicity e.g. once a week depending on the volume of data you have in the system. 5 mio documents can be considered as low volume.