Data provisioning and removal
Retention Rules
Before explaining the Data Privacy Workbench, I’ll need to take a side step into data archiving and deletion in general. When a customer or contact asks for removal of his data from your system, this can have quite some impact: the customer might have ordered goods or services from you, there may be some pending invoices, and so on. Removal of the customer’s data is therefore only possible if all these customer processes have been closed correctly. Even then, there might be legal reasons to keep the customer and the related documents, like invoices, in the system for some time. Most countries have laws requiring companies to keep invoices and tax-related documents for at least 5 years. This implies that the customer can only be removed after this period of time. Similar logic is valid for employee data, for which HR-related data (pension schemes, salary payments etc.) often requires special care when removal requests are made.
In C4C this is controlled via the retention time for deletion of customers and employees. Whereas for the on-premise SAP solutions SAP promotes the SAP ILM solution (which enables fine-tuning of retention times for all kinds of business objects), in SAP Cloud for Customer you only have two retention rules available:
These can be edited in the business configuration. You can only edit the rules when the data retention rules are in scope; otherwise the fields remain display-only.
Also, a system-defined lower limit of 4 years is set by SAP.
Data Privacy Workbench
Data disclosure and removal are handled within the Data Privacy Workbench.
Personal Data Disclosure
Regular business users usually have limited rights to view customer data – especially in case of confidential data or privacy-sensitive data like medical records. When a customer asks (based on his GDPR rights) to be informed about all the data that is stored in the system about him, we need to “bypass” the regular checks and balances regarding authorizations – and stay compliant at the same time.
Access to the Data Privacy Workbench should therefore be limited to a few dedicated employees handling these GDPR requests. Every access to the full data is logged. All master data and transactional data are available for display here.
Personal Data Removal
If, either for archiving reasons or upon request of the person involved, the data has to be removed from the system, the Personal Data Removal view comes to the rescue. Here we can again search for the person involved. In the example below I’ve taken a contact (since the minimum retention time for employees and customers is 4 years … and not expired yet) – in this case an example customer from the SAP Cloud for Customer ondemand dataset.
Search for the contact, review the details to verify we are dealing with the correct person, and Delete the data:
The actual removal is done in the background.
To be sure that this customer has indeed been removed, the removal log contains enough details to validate the correct removal. This is also your 'Proof of removal' in case of a compliance audit.