SAP Commissions : GDPR Process

What is GDPR?

As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect sales users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed.

GDPR is taken effect on May 25, 2018.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is intended to synchronize data privacy laws across Europe, to safeguard and allow all EU citizens data privacy and to reform the way organizations across the region move toward data privacy.

This piece of legislation is to be enforced upon every firm that works with the personal data of EU citizens, not just businesses that reside in the EU.

Source: https://gdpr.eu/

SAP Commission GDPR Process Documentation

When a sales representative leaves a company, there are a number of GDPR-related considerations that need to be taken care of. These include:

• Obtaining the former employee’s consent to continue processing their personal data. If the company wishes to continue processing the former employee’s personal data, such as for marketing purposes, they must obtain the former employee’s consent. This consent must be freely given, specific, informed, and unambiguous.
• Deleting personal data that is no longer necessary. The company must delete any personal data that is no longer necessary for the purposes for which it was collected. This includes personal data that is no longer necessary for the purposes of the employment relationship, such as contact information and performance reviews.
• Restricting access to personal data. The company must restrict access to personal data to those employees who need access to it in order to perform their job duties. This includes former employees who have been granted access to personal data for the purposes of transitioning to a new role within the company.
• Reporting data breaches to the former employee. If the company experiences a data breach that affects the personal data of former employees, they must report the data breach to the former employees as soon as possible.

Overview of the GDPR Process

Step 1: Enable Email Notifications for GDPR Process Job from Process Configuration

There are 3 business processes templates which will send a notification after updating the Notify users email ids

Enable Personal Data Purge Remainder, Started and Retention Period Change

Step 2: Enable Data Protection Policy Settings from Global Settings

Data Protection Policy

Purge Job consider based on below criteria

Sales Reps (Payee)   :  Triggers all terminated Payees for Purge

Admins : Last Login date based on Retention Period set

Note: Once Job is triggered, all the users considered for Purge Job will be final and cannot be reverted back or canceled state. There are no possible ways of bringing users back to Active.

Last Option: Database restore only (Not recommended)

Purge logs

All purged Users are in the below table for which job considered

select * from csi_userpurgemapping order by userseq asc

All Pugred users are in the below workspace while during the job is running

After Job is completed, Actual userId will be decrypted as it shown below

All Purged users are stored in the below table.

select * from csi_purgelog order by PURGEDUSERSEQ asc

Let’s see in Commission UI for Participant and Users Workspace as reference

Purged Sales Rep (Payee) shown from Commission > Participant Workspace

Purged User from Commissions > Users Workspace

Once Users are disabled, they cannot log in to UI as shown

Exception process for users to be blocked from Data Protection Purge Job

( Home Page > User Administration >  selective User > Enable) as shown in below screenshot