Employee-related data is one of the most sensitive areas of data protection as data considered to be personal data are collected during the course of a working life in order to fulfill an employment contract (such as salaries, illnesses, religious affiliation, etc.).
Our previous projects show that the risk of dissatisfied or involuntarily retired employees making claims for handling personal data in a way that does not comply with data protection regulations is generally rated considerably higher by most companies than the claims that are brought to the companies by customers.
The same data protection principles apply to employee-related data as to other personal data: After the expiration of the purpose of use, which was previously given within the scope of a contractual fulfillment in the employment relationship or the existence of a declaration of consent (e.g. within the scope of an application process), a deletion of the personal data to be processed must be implemented immediately in accordance with the EU basic data protection regulation. Statutory exceptions, such as compliance with relevant retention periods, must be observed, and the data concerned must be protected against unauthorized access by unauthorized persons.
To meet these requirements in SAP HR systems (e.g. SAP HCM), SAP Information Lifecycle Management (ILM) for SAP, HCM provides the technical basis for managing retention and deletion rules for employee-related data with retention management functions throughout the data life cycle.
ILM implementation projects in the human resources area represent complex projects that require precise planning and a deep technical understanding of the functionalities, from a precise analysis of the technical data (infotypes) in the SAP system, through the setup of the retention rules in the ILM objects on a sandbox, to Go-Live with initial, real deletion processes.
A typical project for the conception and implementation of SAP ILM goes through the following phases:
The Natuvion ILM Competence Center was opened in Berlin in mid-2017. With around 30 specially trained IT consultants and DSGVO project managers, especially for the HR sector, it currently offers a pool of experts on the topics of locking and deleting personal data in SAP system landscapes with the help of ILM. The concrete achievements of the team include:
Functional and technical analysis of the existing data storage of employee-related data and the infotypes used
Creation of a special HR lock/deletion matrix with corresponding technical documentation
Legal advice in cooperation with selected and specialized IT law firms (SKW Schwarz)
Determination of the concrete implementation requirements for the defined lock/deletion rules in SAP ILM in the respective modules including connected systems (technical concept)
Execution of complex implementation projects for SAP ILM with corresponding customizing, complete setup in sandboxes and quality systems up to GoLive and further support during the stabilization phase.
Execution of quality assurances or audits on the basis of your existing installation / current project
Execution of training courses for employees to support their own ability to act for the administration of SAP ILM
Questions, Suggestions, or Feedback? We look forward to it!