Deletion of personal data is one of the more challenging requirements that have come out of GDPR.

SAP’s best practice for deleting data is using Information Lifecycle Management (ILM). This works for Netweaver based systems. In SAP cloud products, relevant technical GDPR measures such as deletion are built in.

For most customers, the personal data in SAP are stored in the HR and CRM systems as well as FI, SD and MM modules, depending on how SAP is used. Some industry solutions like IS-U, could also contain personal data.

At 2BM, we have worked with companies of different sizes and industries as well as with different requirements to become GDPR compliant. Small and medium-sized businesses usually have less personal data and therefore smaller budgets for deletion than large enterprises have. Our overall approach is to assist in choosing the right combination of solutions when considering risks vs. costs – tailored to your business needs and ambitions.

Based on the experience from various projects, we often see customers using different methods to delete or anonymize personal data, depending on criticality, amount, and possibility for automation. Most companies utilize a mix of ILM, standard SAP deletion programs/clean up, as well as anonymization to delete personal data.

There are pros and cons for using the different methods which all involve risks and costs.

The deletion methods can overall be divided into the following groups:

Deletion of employee data in SAP HR/HCM

2BM has therefore enhanced the SAP standard deletion program for employees (RPUDELPP) in a tool named 2BM Employee Deletion.

2BM Employee Deletion is utilizing the SAP standard deletion program for employees (RPUDELPP) enhanced with a selection program which identify the specific employee data which could be deleted based on the deletion and retention rules set up.

What will it cost to delete the personal data in SAP?
This is the most common question when discussing deletion of personal data in SAP. Previously, there have been several costly ILM projects. 2BM’s experience combined with a full understanding of where different types of personal data are stored, enables us to provide you with a better understanding of the risks involved. A plan for deleting personal data is based on facts and risks, which make defining the appropriate scope with consideration of the costs is more tangible.

We offer all prospective clients a workshop to help you scope your deletion activity in SAP.