Orchestrate your Data Deletion using SAP Cloud Platform Data Retention Manager
The information provided in this blog should not be considered as legal advice or replace legal counsel for your specific needs.
Here’s a good pre-read to this Blog.
The Need for Privacy
Thanks to recent revelations and subsequent high-profile apologies and government hearings, data security is having its day around vast digital universe of social media. Anyone who was still unaware of the pitfalls and perils of not dealing with protecting personal information is certainly aware now.
With almost every continent coming up with their version of Data Regulation, the need to keep data secure and the need to remove business complete data from the system has become imperative.
SAP has always been a front-runner when it comes to privacy of individuals and companies and making sure it does everything to run the business software of its customers with utmost clarity and transparency.
The Advantages of SAP Cloud Platform (SCP)
Today’s business leaders are faced with permanent and accelerated change in business and technologies. To keep a competitive edge, it is essential for businesses large and small to start their digital transformation and to become what SAP calls an Intelligent Enterprise.
This is where SAP Cloud Platform comes into play by offering not only the technical, but business capabilities as well, which enable you to act agile on upcoming market needs and changing demands.
At SAPPHIRE NOW in June, SAP co-founder and Chairman of the Supervisory Board, Hasso Plattner, summarized it best:
“SAP Cloud Platform is in the center.
Everything what we do now;
how we connect applications,
how we connect other applications,
how we present services we have in the system
for the use in applications or in Leonardo or outside SAP
will go through the SAP Cloud Platform.”
– Prof. Dr. h.c. mult. Hasso Plattner (Chairman of the Supervisory Board, SAP)
To elaborate on this, SAP Cloud Platform not only caters to runtime and storage needs at scale, but also powers and exposes all the above mentioned technologies so that these capabilities can be infused into new cloud applications and services. It is the designated platform to build new business applications, seamlessly extend existing cloud applications and the central component for integration scenarios. In simple terms, SAP Cloud Platforms addresses the following four key scenarios:
- Building new cloud applications and
- providing a consistent and engaging (User) Experience
With the growing business needs on the cloud, the need for security and compliant deletion of business data becomes more and more important.
This is where the SCP Data Retention Manager reuse service comes to the rescue!!!
Ok enough with the prelude, let’s get to the topic, shall we?
SAP Cloud Platform Data Retention Manager
Some Terms to Familiarize:
SCP Data Retention Manager is a reuse service on SAP Cloud Platform that supports deletion orchestration of personal data. It allows Privacy Professionals such as Data Protection Officer and your Data Privacy and Protection Specialists to identify
- Data subjects which have completed residence time and can be blocked from regular access and
- Data subjects which have completed retention period and must be deleted
supporting the “right to be forgotten” requirement of the Data Protection Regulations around the globe. It helps applications built on SCP to define residence and retention rules against legal grounds.
SAP Cloud Platform Data Retention Manager provides the following functionalities:
- Business purpose supervision: Assign business purposes to appropriate residence and retention rules
- Identification of data subjects for deletion: Identify data subjects for deletion and send the deletion request to the applications
- Retention and Residence Rules Handling: Devise, modify, and eliminate retention rules to determine when the data should be blocked/deleted for a business purpose
Let’s look at a typical Order to Payment Scenario
The snapshot below tries to tie a generic order to payment scenario with some timelines around business completion and data lifecycle.
When a customer is involved in active business transactions, their data could be used for valid business purposes which could span across analysis, reporting, warranty management etc. In addition, there could be tasks like tax reporting for example. This would signify the need for having this data active and usable in applications (residence). Once business is complete, this data is no longer needed actively and could be blocked for a certain about of time (call it the blocked phase). Eventually when this blocking time expires, data subject information is completely deleted from the system.
How does the configuration look?
Let’s take a company with 2 subsidiaries, One sells medicines in Germany and the other sells cosmetics in US.
With the above setup the design time configuration for the SCP Data Retention Manager would be as follows:
The deletion of Order data then would be orchestrated based on the Configured Residence and Retention Periods for the corresponding Business Object:
The Road Ahead: Deletion Orchestration beyond SCP!!
With the SAP Cloud platform SAP has a platform which plays a central role w.r.t integrated and efficient business process orchestration and realization. This in practicality includes various landscapes, applications and business processes with respective data semantics and data lifecycle guidelines. Intelligent Enterprise drives towards Integrating different landscapes and systems of a Business Process into one seamless solution.
With different landscapes come different data semantics and different Retention guidelines to deletion of Business Data.
Thus, there is an impending need to orchestrate the deletion of all these Business Data centrally and making sure data beyond the purpose of Business needs are rightfully deleted across all systems and landscapes.
SAP Cloud Platform Data Retention Manager is now available for Applications on Kyma Runtime. Refer to the Blog for more details.
SCP Data Retention Manager would be the right fit for every SCP business application that wants to make sure the lifecycle of data is managed in the appropriate way through central rules that guide the Residence and Retention period of business data.