Deleting and locking personal data in SAP HCM
If we take a closer look at the current developments on the subject, we come face to face with the EU General Data Protection Regulation (GDPR), which is to be applied on May 25, 2018, and its severe sanctions for data protection violations.
In principle, the GDPR, like the Federal Data Protection Act (BDSG), also provides for the correction and deletion of personal data. It is not permissible to retain such data indefinitely.
However, as long as there are further legal, collective bargaining or internal requirements for the retention of personal data and documents, the data must not yet be deleted but merely blocked.
With the proven options of Retention Management, HR issues can be mapped via SAP ILM and implemented in practice in compliance with legal requirements.
Procure overview
First, however, it is necessary to obtain a structured overview of all personal data processed in SAP HCM. For this purpose, a deletion concept should be developed that takes into account the legal requirements of data protection and other legal requirements and transparently regulates the handling of such sensitive data in terms of type and scope.
The deletion concept is the ideal starting point for identifying data to be blocked as defined in Section 35 of the German Federal Data Protection Act (BDSG), as well as for implementing customizing in SAP ILM.
The ILM is technically based on a set of rules. Here, the defined retention periods per infotype are transferred to the SAP system and mapped analogously to the deletion concept.
In simple terms, the minimum and maximum retention periods must be stored per infotype, i.e. per archiving object. In practice, this quickly takes on complex forms.
Whenever the retention rule must be linked to further conditions, these criteria must be implemented in the rule set. After the implementation of the SAP HCM-specific customizing, a decision path can be run through per archiving object along these criteria to determine the correct retention period of a record.
The ILM set of rules can be called via transaction IRM_CUST. Information on the delivery of the ILM business function and the required system status can be found in SAP Note 1600991. Here you can also find information about license costs when using the ILM for HCM archiving objects and its possible coverage via already existing ERP licenses.
The actual destruction of data is realized with classic SAP Basis functionalities. Corresponding programs exist in the SAP system for this purpose. Via the transaction SARA, the archiving administration, the corresponding programs are run one after the other for each archiving object.
The P_DURATION authorization object can be used to adaptively implement the blocking of personal data at the granular level of individual infotypes. By defining authorization periods, access to HR master data can be restricted in the past.
Information on the P_DURATION authorization object can be found in SAP Note 2123631. A data protection-compliant deletion concept can be implemented in an SAP system as a hybrid solution comprising both functionalities.
In contrast to the creation of the deletion concept, the successive implementation of deletion processes of the 100% solution should be preferred for the subsequent technical implementation project.
On the one hand, there is no final archiving object for a few standard infotypes, and on the other hand, the technical focus should be on the individual infotypes and their associated archiving object in order to incorporate useful findings into the creation of simplified deletion rules.