Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries.
Note: In the majority of cases, compliance with data privacy laws is not a product feature. SAP software supports data privacy by providing security features and specific functions relevant to data protection, such as functions for the deletion of personal data. SAP does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source.
The action of the data subject confirming that the usage of his or her personal data shall be allowed for a given purpose. A consent functionality allows the storage of a consent record in relation to a specific purpose and shows if a data subject has granted, withdrawn, or denied consent.
The irreversible destruction of personal data.
Any information relating to a data subject.
The information that specifies the reason and the goal for the processing of a specified set of personal data. As a rule, the purpose references the relevant legal basis for the processing of personal data.
The period of time between the end of the last business activity involving a specified object (for example, a business partner) and the deletion of the corresponding data, subject to applicable laws. The retention period is a combination of the residence period and the blocking period.
When handling personal data, consider the legislation in the different countries where your organization operates. After the data has passed the end of purpose, regulations may require you to delete the data. Additional regulations may require you to keep the data longer after the end of purpose. During this period you must block access to the data by unauthorized persons until the end of the retention period, when the data is finally deleted.
For auditing purposes or for legal requirements, changes made to personal data should be logged, enabling the monitoring of who made changes and when.
If no trace or log is stored that records which business users have accessed data, it is difficult to track the person(s) responsible for any data leaks to the outside world. The Read Access Logging (RAL) component can be used to monitor and log read access to data and provide information such as which business users accessed personal data, for example, of a business partner, and in which time frame.
The Admin Audit Trail displays sensitive Customer and Contact fields that were used for filtering or exporting contracts. This information is only available to users with the DPO role.