SAP Best Practice for GDPR Compliance

Monday, May 15th, 2017


There’s little more than a year until all businesses processing the personal information of anyone residing in the EU need to comply with the General Data Protection Regulation (GDPR). And even though the UK is set to break away from the EU,  the new data legislation was written into law before the country voted Leave, and therefore applies to all British organisations. You might think you have plenty of time to ensure compliance, but putting a SAP data strategy in place that allows for GDPR compliance across all the departments in your organisation is no small feat. Now is the time to start introducing data management strategies and SAP best practice that facilitates GDPR compliance. We explore four SAP best practices that aid in GDPR compliance:


  1. UI data logging

Besides protecting sensitive SAP data from external security breaches, it’s important to protect it from the risk of internal attacks too. One approach to this is through user interface (UI) data logging. Data logging involves tracking all read SAP data requests – who requested data, when and from where, and the data they requested. Through the monitoring of all data requests, it’s possible to analyse any potential SAP data breaches and determine whether you’re on track to fulfilling GDPR compliance. By educating all staff about the presence of data logging, the practice acts as a deterrent to internal security threats and GDPR data breaches.


  1. UI data masking (aka UI data field security)

UI data masking involves actively masking SAP data by altering sensitive fields before data is sent to a user interface. You have control over which fields are masked and how, and this can easily be configured depending on your security requirements. Data is only viewable and usable to authorised personnel. Data masking can be applied to any screen within the SAP GUI. And like data logging, this practice can also instill awareness of data compliance in teams within your organisation.

UI data logging and UI data masking are both SAP practices that exist in the SAP Netweaver Basis and are integrated into SAP maintenance.  Because these tools are lightweight and highly configurable, you can implement the practices within a matter of weeks.


  1. Information lifecycle management (ILM): Data deletion

ILM is an advanced approach to data storage that manages the flow and storage of SAP data and metadata from the moment of creation and storage, up until the data becomes obsolete and requires deletion. It organises data into tiers and automates the migration process between tiers based on specified data management policies. These policies govern record management of SAP documents and the retention of SAP data. Using data deletion, the SAP system is unloaded of unwanted data, which reduces the risk of personal SAP data being breached.


  1. ILM data blocking

As well as data deletion, data blocking is another facet of ILM that falls under SAP best practice for GDPR compliance. Depending on your SAP data requirements, not all the data in the system – when obsolete – will be eligible for deletion if it still falls within its retention period. Data blocking allows for the protection of this data, without having to destroy it. Blocked data can no longer be edited, used for follow-up activities or any form of business use. Only users with SAP_CA_BP_ADMIN status can access blocked data, but only up until the end of of the retention period, after which data is deleted.
If you’d like to find out more about the importance of a SAP data management strategy and SAP archiving to ensure GDPR compliance and avoid hefty financial and legislative penalties, download our guide: