Image: A hand holding a memory chip with a lock on it | SPIRIT/21
By Beatrix Böhm on 18.05.2021 | SAP Services

SAP and GDPR = SAP ILM

Are you sure your data is GDPR protected in your SAP system?
Are you equally sure that your data is managed in SAP with GDPR-compliant rules?

Over the years, a large amount of data accumulates in your SAP system. This certainly also includes information that is considered personal data according to the GDPR, for example invoices, accounts receivable and/or payable master data, personnel data, delivery information, accounting documents and SAP users.

The period for which this personal company data may be kept is limited by the GDPR, and to enforce and document this limit you need rules. These rules are defined by your data protection officer together with your department. This already shows the tension between GDPR-compliant restrictions and the requirements of the departments in their day-to-day business: departments usually want to retain access to documents and master data for years, but the GDPR prescribes a much more restrictive handling of personal data.

SAP has expanded SAP ILM (Information Lifecycle Management) to address these requirements. Before the GDPR, this SAP tool was subject to a charge and was intended for data archiving and system merging. Now, ILM is also a cost-neutral tool for creating and maintaining security rules that restrict access to a wide range of personal data and delete the data as soon as the legal retention periods have expired.

In order to achieve this goal, SAP ILM provides rules for the different data or objects. In these rules, you specify:

  • how long a data set is available in the productive SAP system for all employees entitled to display it,
  • where the record is subsequently transferred as a “locked record” (archive!),
  • who can then access this data record with special authorisations (e.g. key users or auditors of the tax authorities),
  • how long the blocked data record must remain there in order to comply with the legal retention periods, and
  • when the record should be deleted.

To demonstrate compliance with the GDPR, ILM also documents your handling of the data. If you have become curious, we are happy to provide you with further information. We help you to form a concept for your personal SAP data from these requirements and to implement this concept in SAP ILM.

Whether it is a technical connection or a set of rules – we are happy to advise you.

Beatrix Böhm

SAP Senior Consultant, Finance and Authorisations

Beatrix is a consultant and project manager in the areas of finance and authorisation management as well as information lifecycle management and upgrade and Greenfield+ projects.
