2793614 - Frequently Asked Questions on Data Protection and Privacy Work Center

Below are frequently asked questions regarding the Information Lifecycle Management work center (formerly Data Protection and Privacy).

SAP Cloud for Customer

1. How can you deal with customer data in SAP Cloud for Customer?

There are two ways to deal with customer data in SAP Cloud for Customer. You can anonymize the customer data. This is the process of turning personal data into anonymized information which does not identify an individual. Or you can remove the customer data from SAP Cloud for Customer. There is a standard functionality in the Data Privacy Management work center > Personal Data Removal to remove customer data from Cloud for Customer system after expiration of retention period.

2. When can I remove the data from the system?

Personal data can be removed from the selected account when the relevant data retention period is expired for all data and documents associated with the account.

3. When does the retention period expire?

This retention period is legally required and it varies from case to case. It depends on the organization’s policy or the country/region’s regulatory authority.

4. How can you maintain the retention periods in your system configuration?

You can find the relevant configuration activities for Data Retention Rules in the Business Configuration > Implementation Projects view. Here you can set one retention period per country/region. You can configure minimum retention periods per country in order to block data deletion of business partners. This is crucial due to regulatory reasons. For example, in some places it is mandatory that all the details of an individual should be retained by the data controller if a sale was made in the past years.

For Example: "Data Retention Rule for Employees"; "Data Retention Rule for Private Accounts"

Note: system may take some time to load these activities when you search in Overview (Business Configuration)

5. How can personal data to be removed from customer master data in Cloud for Customer?

Customer accounts are master data. Master data is the core data that is essential for operations in a specific business or business unit. If you don't use this data, then the status should be set to Obsolete/Not Active/Blocked. The status Obsolete is a prerequisite to remove data. Then personal data can be removed from Cloud for Customer by going to the Personal Data Removal view in the Data Privacy Management work center. The options allowed for removal are employees, private accounts, contacts and business partners.

6. How can an account be set as obsolete in the Customer work center?

You can set an account as obsolete in the Customer work center as follows:

1. Go to Customer work center.
2. Go to Accounts view.
3. Search the relevant account and open it.
4. Click the Actions button, then Set as Obsolete.

7. How can an account be set as obsolete using Data Workbench?

You need to export the accounts from Data Workbench and then you need to change the status of the accounts as required to: 2 (Active), 3 (Blocked), or 4 (Obsolete).

8. Why is the data retention period not considered for contacts?

There is currently no fine-tuning activity to configure the retention period of contact persons. As the contacts have no validity period with which the retention period can be checked, there is no check for the retention period for contacts. The only check that exists during contact deletion is for the document customer quote. For customer quote, determination parameter has been implemented which returns the calculation base date and country/region. The retention period for contact for the given country/region is then added to this base date and resulting date is compared with the current date or date on which removal is triggered.

9. Why is a contact deleted, even though the data retention period doesn't consider contacts?

When deletion is triggered for a contact, it checks whether the retention period of a customer quote related to the contact has been completed.

• If the retention period of the customer quote has been completed, then contact will be removed.
• If the retention period has not been completed, then the contact will not be removed.
• If the contact is not related to any customer quote, then it is deleted.

10. Why it is not possible to delete a business partner of type Organization?

According to GDPR requirements, we support deletion only for business partners of type Person. For business partners that represent organizations, deletion is not supported. Corporate accounts are business partners of type Organization.

11. Where is the option to check the exact date and time for job completion in Data Protection and Privacy Work Center after running multiple account deletion?
I can only see Started On and Changed On in Administrative Data area after entering into the logs details. 

This is a new requirement which has to be added in the summary of the application log. Currently we do not show the completion time of the run, hence we will take this up in future releases.

12. Why logs are not specifying which accounts have been removed or got into error in the Data Protection and Privacy Work Center?

While removing the business partner, we add the error messages raised by the application into the application log. If the error messages do not mention the business partner concerned, we do not list which business partner removal has ended in error. This is a new requirement which we will add to our backlog and deliver in future releases.

What is GDPR & How can SAP Hybris Cloud for Customer help you comply with GDPR

Data Privacy Management in SAP C4C

Manage Data Privacy

2185206 - Unable to Delete Master Data or Transactional Data

FAQ, DSGVO, EU-DSGVO, Kunden löschen, Interessenten löschen, Geschäftspartner löschen, delete customer data, GDPR , KBA , AP-RC-ILM , ByD,C4C,Travel: Information Lifecycle Management , How To

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions