Information lifecycle management introduces new di...
Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
With the new 1911 release of SAP Business ByDesign Cloud ERP we introduce a new dimension to manage data privacy and the lifecycle of all data in your ERP system. With 1911 administrators and data privacy officers are able to use e.g. KPIs to see which data is still needed, for what reason and by when it might be deleted or if it is deleted already.
To move to the new information lifecycle based data privacy management you need to do the following:
Business Configuration: Activate scoping element “Information Lifecycle Management”
Business Configuration: Double check that you have activated the scoping question “Read Access Logging” under Security/System Management (this is unchanged but has been moved to the ILM work center)
Business Configuration: Configure the new retention periods for business documents
Assign information lifecycle management work center to the administrator or data privacy officer
Double check that you have activated the read access log field groups (this is unchanged but has been moved to the ILM work center)
Activate the document lifecycle KPIs for the data privacy officer or other users
In addition to using the information lifecycle for data privacy it is possible to use it also to fuel machine learning with valid data from your Cloud ERP. For instance data scientists and administrators are able to ensure that only current and ready to use data is consumed for machine learning and to rule-out data that should not be used anymore. Here you find a demo:
1. Central Information Lifecycle Work Center
As you have seen in the demo the data privacy expert can use the information lifecycle work center to easily find employees, service agents (i.e. external employees) or private accounts (1), disclose all data (3), block data for usage or trigger the deletion (4b).
Additionally he can generate a summary and detail list for master and transaction data which is stored for a natural person in the system as you can see in the screenshots below.
2. Configuration of retention and residence periods
In the information lifecycle configuration you can define retention periods for all your data in the various business areas and countries. By this you can control that data cannot be deleted as long the retention periods for documents or process chains are over. Administrators or data privacy officers can:
Configure retention periods for business documents per document group and company
Group documents which have the same periods
Configure company independent or dependent data
Define periods after which
data cannot be changed (=residence period - 4a)
data is beyond purpose and can be deleted (=retention period - 4b)
Create own configuration groups (5a) and move retention rules between the groups (5b).
Besides disclosing and deleting natural persons data it is also possible to manually or automatically block it for usage in new business processes. This capability has been moved from the old data privacy and protection work center. So if you have been using this in the past there is no need to change anything.
4. Read access logging of sensitive data and change logs
Data privacy experts can configure which predefined business partner attributes are to be treated as special category of data and activate read access logging for sensitive data of natural persons. This capability has been moved from the old data privacy and protection work center. So if you have been using this in the past there is no need to change anything.
5. Marketing permissions
Sales and marketing employees can mark contacts and private accounts to be excluded, included or checked before executing outbound marketing campaigns. This capability has been not been changed in 1911. So if you have been using this in the past there is no need to change anything.
More about all SAP Cloud ERP solutions can be found here.
Disclaimer
The information provided in this blog should not be considered as legal advice or replace legal counsel for your specific needs. Readers are cautioned not to place undue reliance on these statements and they should not be relied upon in making purchasing decisions or for achieving compliance to legal regulations.