2515697 - Frequently Asked Questions on Data Privacy Management/Data Retention/Information Lifecycle Managment

This Knowledge Base Article highlights frequently asked queries on Data Privacy and Management / Data Retention / Information Lifecycle Management

SAP Business bydesign

SAP Cloud for Customer

Documentation and Resources:

1. Overview
2. Configuration: Retention Periods for Business Documents
3. Open SAP Course: Week 4 deals with Data Protection and Privacy
4. Blog on Data Protection and Privacy

1. Why is Data Privacy Management work center not visible?

Users with authorization to access the Data Privacy Management work center can perform all data privacy functions within this work center, including the disclosure and deletion of employee's personal data.
Access to this work center is granted in the Application and User Management work center. You must ensure that only employees with authorization to disclose/delete personal data are granted access to the Data Privacy Management work center.

2. When you try to disclose data of a particular employee, you get the error message “Additional work agreements exist for this employee. They are not displayed as you do not have the required authorization to access them.”

When an employee has a work agreement record assigned to another Company within your organization, you may not be authorized to display or disclose that data.
This is due to the access restrictions applied to this work center view. In this situation, you must contact the administrator responsible for data privacy in the company concerned, who must disclose this data separately.

3. You want to know who all have accessed the Disclose Employee Data for a particular employee.

The system logs every access made by an authorized user to the Disclose Employee Data overview screen of a selected employee in this view.
This logging is provided to support auditing of data protection actions in the system. On the initial screen in this view, select an employee and click 'View Disclosure Log' to open a log of all access instances to the selected employee's data disclosure overview record. The log has a unique ID and shows when the record was accessed and by whom.

4. User cannot remove Personal Data of a Contact Person using the 'Personal Data Removal' view in the Data Privacy Management work center.

You can remove all the personal data of the selected contact person only when the relevant data retention period is expired for all data and documents associated with this contact person.

5.  Employee Personal Data can be removed even within retention period.

The country that is used to determine the retention is determined from the organizational assignment of the employee(Within the organizational assignment the country of the related company is used).

As the employees does not have an organizational assignment, the system is not able to determine the country of the company of the employee. In this case the system only checks that the Termination Date is in the past.

6. When you delete a particular contact from the Personal Data Removal view, even after selecting the option 'Remove data' the deleted contact can still be seen.
The removal of the Contact fails because the PDI Validation for BO Opportunity. The customer should check the PDI implementation.

7.  In the Personal Data Removal view, select Show All Business Partners and search for Accounts Business Partner, the basic Search is not working as expected.
The same filter displays results if you are searching for Individual Customers, but not for Accounts.
All Business Partners in the Data Privacy Management workcenter means all persons or all Employees/Contacts/Individual Customers.
Therefore you don't find Accounts/Organizations in the owl in the Data Privacy Management workcenter.

8. Country Poland is Missing in Data Retention Rule for employees In Business Configuration Settings.
Poland is available in scope of the system but it is not supported in Data privacy. Currently the List of countries will include the countries for which data privacy is supported in the system.

9. What is usage of Business Purpose Completed indicator ?

This indicator is available under:

·        Go to Work Center Data Protection and Privacy

·        Navigate to Tab Personal Data Removal

·        Click on Advanced Filter Option

 This indicator in a business application, should be set by a Data Protection Officer of the Organization based on customized data rules of the Organization. 
 C4C does not influence this indicator.
 Determine if you need to retain business partner data in your system when that data has already been deleted from an integrated external system.
 New web service interfaces and enhanced interfaces are enabled to support blocking of business partners. Use these services in scenarios where integrated external systems 
 block or delete business partner data in their system landscape. These interfaces allow the external systems to query and maintain the End-of-Purpose for business partners.
                  
 You can set/unset this indicator using Standard SOAP or OData services used for BP Replication where you will find the element 'Business End of Purpose' Indicator.

 For more information on New and Enhanced Web Services for Business Partner End-of-Purpose, please follow the below documentation in
 Section : 3.1.3  Configure Business Partner - End of Purpose in the below link :

                 What's New in SAP Hybris Cloud for Customer

10. You have activated the Field Group Configuration and you do not see the display logs as expected for Personal Data of Employee.

Fields such as Academic Title, Email and Alternate Employee ID are not considered sensitive data, and therefore it is not available to select via Field Group Configuration workcenter view. These fields are not considered sensitive data, a read access log wiln not be generated.

Please review that the Field Group Configuration, under the Information Lifecycle workcenter, for the fields that SAP considers sensitive.

11. How to identity the list of Employees / customers that have passed the data retention period?

To check if individual employee has passed the retention period go to “Personal Data Removal” run, select single employee and click “Remove Data”. “Remove employee data” tab would show if selected employee has passed retention period.

12.  Is there a Retention Period for Invoice data?

There is no general answer to this query because it depends on the local laws. For example: In Germany, it is 10 years

13. Can users view Invoices while the data is retained?

As long as the invoice is in the system it is visible. After final deletion, it is gone.

14. Is there a way to check the Retention Period?

Check the above mentioned documentation. The retention periods can be checked and maintained in Business Configuration.

Data Privacy, Disclose Employee Data, Personal Data Removal, DPP FAQ, ILM FAQ , KBA , data retention , data privacy , data protection and privacy , AP-RC-ILM , ByD,C4C,Travel: Information Lifecycle Management , How To