Sword of Damocles GDPR
Have you ever thought about data destruction? As a consulting company specializing in SAP ERP HCM, we are currently receiving an increasing number of customer inquiries on this topic. The background to this is simple: the European General Data Protection Regulation (GDPR) will largely replace national data protection law in the European Union (EU) and the European Economic Area (EEA) on May 25, 2018, and thus also the previous Federal Data Protection Act (BDSG) in Germany.
With regard to data protection, the circumstances under which the processing of personal data is permitted, and the right of employees to have data that is no longer required deleted, the regulations under the General Data Protection Regulation largely correspond to those under the Federal Data Protection Act.
One could now simply argue that this is all old hat, since the Federal Data Protection Act has been valid in its current form for years and if nothing significant changes, there is no real need for action. This assumption was and is fundamentally wrong! The BDSG is already a so-called prohibition law with permission reservation and thus a legally quite "sharp sword".
Only the consequences, i.e. the fines, have not been correspondingly severe to date. This is precisely where the new General Data Protection Regulation differs significantly from the Federal Data Protection Act: in its provisions on fines. Whereas the Federal Data Protection Act stipulates that violations are punishable by a fine of up to EUR 50,000, the fines that can be imposed under the General Data Protection Regulation are intended to be effective, proportionate and dissuasive.
Depending on the case, type and severity, the fines can reach up to ten million euros or two percent of a company's annual global turnover. In the case of violations of certain articles of the regulation, the fine is doubled to four percent of global sales.
Of course, the threat of drastic penalties in the future is not the only reason why companies are increasingly addressing this issue. In an age of almost unbridled data collection, the performance of the hardware used naturally also plays a role that should not be underestimated.
Reasons enough to actively address this explosive topic, coupled with the question: So how can we approach the topic within the framework of a project?
ILM for SAP HCM
SAP delivered the "Information Lifecycle Management (ILM)" functionality for SAP ERP HCM for the first time with the Enhancement Package 6.04 and expanded it further in the following Enhancement Packages. Depending on the system status, ILM includes the option of destroying data from the various SAP ERP HCM modules. The process is based on proven archiving technology. The data to be destroyed is first written to a temporary archive file and then deleted from the database. In contrast to normal archiving, the temporary archive file is now not written to a medium, but deleted. The data has thus been destroyed.
A log entry about the destruction is created in a separate infotype in Personnel Administration (IT0283). Here, it can be traced whether data was destroyed at all for the employee in question, and if so, which archiving objects were processed and for how long.
However, a project that aims to destroy certain data that is no longer needed should first address the technical requirements if the prerequisites are met:
Create prerequisites in SAP HCM
First and foremost, this includes ensuring that at least EhP 6.04 (ideally the latest EhP) is installed and the ILM business function is activated. Other activities that are usually performed by SAP Basis Support are also included, such as checking that the required authorizations have been assigned and defining the temporary archive files and the drive paths in which they are temporarily stored.
Professional evaluation: How long may which data be stored or used? When is there no longer a need or professional requirement for storing this data? Here, too, the law helps us: "Personal data of an employee may be collected, processed or used for purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination ..." (Section 32 (1) BDSG).
An example would be: How long should punch times (clock-in and clock-out bookings) be kept in the system?
Ideally, all data stored for an employee in SAP ERP HCM can be provided with a time period for which this data must be retained or when it should be destroyed at the latest. It is often advisable to also discuss these issues with the company's data protection officer.
Technical implementation with SAP ILM
Once the retention periods for employee data have been technically defined, you can start setting up the corresponding SAP archiving objects. As described above, ILM is based on the archiving of data. For this reason, ILM always refers to archiving objects in which the data to be destroyed is grouped.
Depending on your system status, you will find appropriate archiving objects for most of the data in question. However, your search for archiving objects for customer-specific infotypes, customizing and application tables or even customer-specific clusters will be fruitless.
You will have to implement these yourself. If archiving objects already exist, the retention periods can be "customized".
Data destruction test
Depending on the complexity of the requirements and the mass of data to be destroyed, performing data destruction in production systems can be time- and resource-intensive. It is therefore advisable to first carry out test runs in a separate system, possibly set up especially for this project. This also allows risks to be identified and eliminated at an early stage. In terms of runtime, it has often proved advisable to create small packages rather than trying to destroy a lot of data in one run.
Implementation of data destruction
Archiving should be an ongoing process. Depending on the size of the company, this can be automated at predefined times or flexibly triggered by the specialist department as required. Below is a schematic representation of the project structure described here.
Conclusion
At first glance, the "data destruction" project appears more explosive than it actually is. As is so often the case, once the technical prerequisites have been worked out and there is a willingness to deal with this topic alongside day-to-day business, the implementation of SAP ILM tends to be one of the smaller projects. Once implemented, it can be used regularly, so that the question of possibly non-compliant data storage or poor system performance due to oversized system data that is actually no longer needed simply no longer arises.