Data Protection and Privacy in SAP SuccessFactors
Companies store a wide range of personal data on people, ranging from basic details like name and date of birth, to more potentially sensitive information such as religion or medical history. In order to be compliant with data privacy laws, companies need to ensure that they process and protect this data correctly.
Prerequisites for Using Data Protection and Privacy Functions
- To make use of the data protection and privacy functions, you need to verify that you have met the prerequisites:
- Role-based permission (RBP) is enabled and set up so that you can use it to control access to data protection and privacy functions.
- Activate Attachment Manager. This is a prerequisite for using the Metadata Framework (MDF). To do this, please contact SAP Cloud Support.
- Activate the Metadata Framework (MDF). To do this, just go to the Upgrade Center and switch on the Extension Center. This activates MDF automatically.
- If you use Position Management in Employee Central, update to the right to return data model.
- Data protection and privacy functions require a unique, stable identifier for each user in your system. We use the platform User ID for this purpose, so changing the User ID disrupts data protection and privacy functions.
- We are working on a solution (Assignment ID) but it is not fully supported yet. Do not make any changes to Assignment ID at this time.
New Data Model for Right to Return and Data Protection and Privacy
- It is always important to be compliant with your local data protection and privacy laws, so we strongly recommend that you migrate to the new data model.
- From the Q1 2018 release, there is a new data model available for Right to Return. Migrating to this new data model is optional, but please note that it is a prerequisite for using data protection and privacy functions in Position Management.
- To migrate, go to the Upgrade Center and from the Important Upgradessection, select Position Management – Migrate Data Model for Right to Return.
Caution About User ID Conversion
- If you use data protection and privacy functions, avoid User ID conversion.
- Each user in your SuccessFactors system has a unique user ID and, in some cases, you may want to convert the existing user IDs in their system to a new value. This process is called “User ID conversion” and requires a special migration effort.
- Most data protection and privacy functions require a unique, stable identifier for each user in your system. The platform User ID is one such identifier. Changing the User ID disrupts important data protection and privacy functions, such as data purge and audit reporting. Therefore, if you have data protection and privacy requirements, you shouldn’t convert User IDs.
The SAP SuccessFactors HXM Suite stores a wide range of information about your employees. Generally speaking, historical data should not be stored any longer than is required. Once the required retention time has passed, data should be purged. A data purge is a means of permanently removing data from storage.
For the purpose of data protection and privacy, you may be required to purge user data from your system after a certain length of time. You may also choose to purge user data simply because it no longer serves any business purpose.
To meet this requirement, SAP SuccessFactors provides the ability to purge different types of data across the HXM Suite, on a recurring schedule and based on configurable retention times.
Learn about how you can block access to historical personal data based on a user’s role-based permissions.
As a general principle, historical personal data should not be stored any longer than is absolutely necessary. Once the legally required retention time for personal data has passed, it should be purged.
However, sometimes personal data is required to be stored by different users for different lengths of time. For example, the HR department might be required to store an employee’s home address for 3 years, but the Payroll department might have to store it for 5 years. In a situation like this, the employee’s address can only be purged after 5 years, but that means that certain users (in this case, the HR department) retain unnecessary access to it even after their legally required retention time has passed.
To solve this problem, SAP SuccessFactors provides a data blocking function. This enables you to control exactly how long individual roles will be able to access historical personal data, based on their role-based permissions. Using the example above, you can specify that HR admins can only access the employee’s address for 3 years, but Payroll can continue to access it until the full 5 years are up. In this way, data can be safely stored for the full legally required retention time, but at no point will it be available to anyone who shouldn’t have access to it.
Change auditing capabilities enable you to track changes that have been made to different kinds of data in your system. You can audit changes to personal data, system configuration, or other business data.
If you enable change auditing in your system, we capture information about changes to the system in our audit logs. Then you can generate change audit reports, based on the data in our audit logs, as required by your business. Generated audit reports are available for download for 48 hours and then purged from storage.
Change audit reports tell you which data records were changed during a given period, what the change was, who changed them, and when. Changes are captured in logs whether they’re made in the user interface, via API, or with an import file. Reports are available for many types of data, including personal data, configuration data, and other types of data in the HXM Suite. Use the self-service audit reporting tool to create the most common reports directly from the Admin Center.
Changes to Personal Data
You can create change audit reports to track changes to personal data across the SAP SuccessFactors HXM Suite, including:
- Changes made abouta specific user’s personal data (changes made by anyone to John’s personal data)
- Changes made bya specific user to other people’s personal data (changes made by John to anyone else’s personal data)
Change audit includes all changes to personal data fields, including insertions, updates, or deletions.
Changes to Other Data
Your SAP SuccessFactors system contains more than just personal data. It includes other types of data, such as configuration data or transactional business data. Use change audit reports to keep track of changes to your system, build proper internal controls, and ensure data security.
You can create change audit reports on wide range of data types from across the SAP SuccessFactors HXM Suite, including:
Basic and extended user information
Read auditing capabilities enable you to track access to sensitive personal data.
SAP SuccessFactors provides a read audit function that enables you to determine who has accessed the sensitive personal data of employees or external candidates at your company.
Learn how you can compile a report containing all the personal data that is stored on an employee.
Companies store all kinds of personal data on their employees, from basic information like name and address to more potential sensitive information such as marital status and the results of performance reviews. Employees and former employees have the right to know exactly what personal information has been stored and for what purpose.
If an employee makes such a request, you as the Data Privacy Officer or HR privacy expert need to respond. You can use the Data Subject Information tool to compile a report containing all the personal information that is stored on that employee, and can then provide the report to the employee in PDF or CSV format.
Consent agreements inform users that their data is stored and explain why it must be stored. SAP SuccessFactors can show users a consent agreement.
There are many reasons for which software might need to store personal data on a user. From a data protection and privacy point of view, what’s particularly important is that you inform the user that their data is being stored, and explain why this is necessary. You can do this, for example, with a user agreement that appears when someone opens an app for the first time.
When the user reads such an agreement, they’ll know in advance exactly what personal data will be stored if they proceed, and can then make an informed decision about whether to continue using the app.