Human Capital Management Blogs by SAP
Get insider info on SAP SuccessFactors HCM suite for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
cancel
Showing results for 
Search instead for 
Did you mean: 
yogananda
Product and Topic Expert
Product and Topic Expert


What is GDPR?

As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect sales users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed.

GDPR is taken effect on May 25, 2018.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is intended to synchronize data privacy laws across Europe, to safeguard and allow all EU citizens data privacy and to reform the way organizations across the region move toward data privacy.

This piece of legislation is to be enforced upon every firm that works with the personal data of EU citizens, not just businesses that reside in the EU.



Source: https://gdpr.eu/




SAP Commission GDPR Process Documentation

When a sales representative leaves a company, there are a number of GDPR-related considerations that need to be taken care of. These include:

  • Obtaining the former employee's consent to continue processing their personal data. If the company wishes to continue processing the former employee's personal data, such as for marketing purposes, they must obtain the former employee's consent. This consent must be freely given, specific, informed, and unambiguous.

  • Deleting personal data that is no longer necessary. The company must delete any personal data that is no longer necessary for the purposes for which it was collected. This includes personal data that is no longer necessary for the purposes of the employment relationship, such as contact information and performance reviews.

  • Restricting access to personal data. The company must restrict access to personal data to those employees who need access to it in order to perform their job duties. This includes former employees who have been granted access to personal data for the purposes of transitioning to a new role within the company.

  • Reporting data breaches to the former employee. If the company experiences a data breach that affects the personal data of former employees, they must report the data breach to the former employees as soon as possible.


Overview of the GDPR Process



Step 1: Enable Email Notifications for GDPR Process Job from Process Configuration


There are 3 business processes templates which will send a notification after updating the Notify users email ids

Enable Personal Data Purge Remainder, Started and Retention Period Change


Step 2: Enable Data Protection Policy Settings from Global Settings


Data Protection Policy

























Retention Period for Purge Jobs

 Set number of days which will consider older than today's date for Purge

 
Purge Frequency in Days 0 - Disabled
1 - Active


Days in Advance to send Purge Reminder Email

 

 
Set number of days which will send a notification for the user to be considered for Purge
Next Purge Scheduled  Which will determine when is the next Purge Job is scheduled
Purge Security logs older than (days) Logs will remain a certain number of days in Purge logs

Purge Job consider based on below criteria

Sales Reps (Payee)   :  Triggers all terminated Payees for Purge

Admins : Last Login date based on Retention Period set

Note: Once Job is triggered, all the users considered for Purge Job will be final and cannot be reverted back or canceled state. There are no possible ways of bringing users back to Active.

Last Option: Database restore only (Not recommended)


Purge logs




All purged Users are in the below table for which job considered
select * from csi_userpurgemapping order by userseq asc

All Pugred users are in the below workspace while during the job is running


After Job is completed, Actual userId will be decrypted as it shown below


All Purged users are stored in the below table.
select * from csi_purgelog order by PURGEDUSERSEQ asc


Let's see in Commission UI for Participant and Users Workspace as reference


Purged Sales Rep (Payee) shown from Commission > Participant Workspace




Purged User from Commissions > Users Workspace



Once Users are disabled, they cannot log in to UI as shown






Exception process for users to be blocked from Data Protection Purge Job

( Home Page > User Administration >  selective User > Enable) as shown in below screenshot