How companies can properly handle personal data in SAP systems
As is well known, the digitization of companies offers enormous advantages. To benefit from these, however, there are a few basic aspects that must be considered. Digitalization projects, for example, along with steadily growing volumes of data and a more wide-ranging software landscape, are also yielding an ever-greater wealth of personal data. Legal rules have become stricter in recent years, particularly in this area. An appropriate strategy is therefore needed in order to handle this data in a way that is efficient and also legally compliant. The answer must be digital – with SAP Information Lifecycle Management (SAP ILM), a suitable software is available which is becoming more widely used.
How SAP ILM supports data protection and compliance with GDPR
Since the introduction of GDPR if not sooner, companies have been required to meet significantly stricter requirements in all matters related to personal data protection. First of all, rules are set forth in the GDPR that must be integrated in the IT landscape. Secondly, a special procedure is required for handling personal data that have exceeded their lifecycle. Such cases can arise anywhere in the company, such as in personnel, but also in the customer database or in the supplier network.
Violations of data protection and especially the GDPR frequently occur unknowingly. A software product like SAP ILM can help you to avoid such legal violations due to ignorance, and it can do so across the company.
With SAP ILM, users can set rules on how personal data should be handled on other storage media after the end of its lifecycle. This can be nerve-wracking when such personal data also needs to remain accessible even after the original purpose has been met – accounting data, for example, must be stored for several years after the conclusion of the sale. It is precisely in these cases that archiving rules must be followed and in particular the legal storage periods must be observed when deleting data. With SAP ILM, for example, customer data can be locked or even automatically deleted on dates that you specify. Business partners or personnel cases can thus also be cleanly deleted in SAP systems.
SAP ILM and SAP HCM
Particularly in the area of personnel, requirements for data protection are extra sensitive. With the introduction of GDPR, the challenge for HR professionals becomes even greater. This is especially true when employees leave the company and personnel data have to be removed in a legally compliant manner. The same is true for all application management: if candidates are not hired, then their documents must be deleted. Under no circumstances can they be forgotten and stored in a drawer, or kept on a long-term storage medium.
SAP ILM helps you in handling sensitive personnel data in SAP HCM. Especially in cases where data records are unusually complex, the software solution offers special advantages for personal data in HR. This is a great advantage especially for HR departments, because SAP HCM has certain disadvantages when it comes to deleting personnel data.
What functions does SAP ILM offer?
SAP ILM offers user three functional areas:
- Data Archiving in SAP ILM includes the familiar archiving functions for SAP systems. These have been enhanced so that they can be seamlessly integrated with the two other main functions of SAP ILM. Thus data can not only be archived, but can also be destroyed. In addition, this process can be logged.
- With Retention Management all requirements concerning the management of data, from creation to final deletion, are covered. Here control systems help you to standardize process flows relating to the management of personal data. The focus of these SAP-ILM rule types is always on meeting all legal requirements.
- The functional area ILM Retention Warehouse supports you in handling legacy systems that are to be phased out and all of the affected data. It also offers appropriate reporting functions.
With these three components, companies gain some real added value. This includes, first and foremost, the legally compliant, on-schedule and digital locking, archiving or deletion of personal data. This significantly reduces the risk of GDPR violations, thus optimizing risk management as it relates to data protection. In addition, it optimizes the use of storage space, thereby yielding greater speed and a cleaner database. Through automation and digitalized process flows, departments increase their efficiency while at the same time gaining more control over their own data. Finally, SAP ILM contributes to a more harmonized system landscape – a classic goal of comprehensive digitalization projects.
How is SAP ILM implemented?
Companies can start out by implementing SAP ILM on a trial basis. During this test phase, a key user closely observes the software for legally compliant deletion of personal data. The goal is to recognize and where necessary correct potential errors in the conception or implementation of SAP ILM.
Generally a license is required for SAP ILM with the applicable licensing costs. However, SAP has released the application for SAP users to use at no cost in order to support companies with the GDPR. This means that especially for users of an SAP-ERP system such as SAP S/4HANA a solution for personal data is available at no additional cost.
Optimally manage personal data with Nagarro ES and SAP ILM
Would you also like to optimize data management in your SAP system? Our experts have deep expertise and extensive experience in working with SAP ILM. We will be happy to answer any questions you have about the software tool and its implementation. Together we will work through the pre-requirements for the implementation; as resellers of SAP-ILM licenses, we will be happy to assist you with the implementation. If necessary, we will provide hands-on training in SAP ILM with your employees. Insert CTA or contact person