Deletion of personal data in SAP

Deletion of personal data in sap


Deletion of personal data is one of the more challenging requirements that have come out of GDPR.

SAP’s best practice for deleting data is using Information Lifecycle Management (ILM). This works for Netweaver based systems. In SAP cloud products, relevant technical GDPR measures such as deletion are built in.

For most customers, the personal data in SAP are stored in the HR and CRM systems as well as FI, SD and MM modules, depending on how SAP is used. Some industry solutions like IS-U, could also contain personal data.

At 2BM, we have worked with companies of different sizes and industries as well as with different requirements to become GDPR compliant. Small and medium-sized businesses usually have less personal data and therefore smaller budgets for deletion than large enterprises have. Our overall approach is to assist in choosing the right combination of solutions when considering risks vs. costs – tailored to your business needs and ambitions.

Based on the experience from various projects, we often see customers using different methods to delete or anonymize personal data, depending on criticality, amount, and possibility for automation. Most companies utilize a mix of ILM, standard SAP deletion programs/clean up, as well as anonymization to delete personal data.

There are pros and cons for using the different methods which all involve risks and costs.

The deletion methods can overall be divided into the following groups:


Deletion of employee data in SAP HR/HCM

2BM has therefore enhanced the SAP standard deletion program for employees (RPUDELPP) in a tool named 2BM Employee Deletion.

2BM Employee Deletion is utilizing the SAP standard deletion program for employees (RPUDELPP) enhanced with a selection program which identify the specific employee data which could be deleted based on the deletion and retention rules set up.

What will it cost to delete the personal data in SAP?
This is the most common question when discussing deletion of personal data in SAP. Previously, there have been several costly ILM projects. 2BM’s experience combined with a full understanding of where different types of personal data are stored, enables us to provide you with a better understanding of the risks involved. A plan for deleting personal data is based on facts and risks, which make defining the appropriate scope with consideration of the costs is more tangible.

We offer all prospective clients a workshop to help you scope your deletion activity in SAP.

Related Events & News


Persondata i SAP og forbundne systemer

Deltag i seminar om EU persondataforordningen, hvor vi går i dybden med konkret planlægning og aktiviteter tilknyttet til SAP og forbundne systemer.

SAP License Compliance Conference

17 May - Stockholm 18 May - Copenhagen  Probably the first conference focusing only on SAP licensing. Come and join 2BM SAP License Compliance...

Sådan håndterer du persondata sikkert i dine ERP-systemer

Læs artiklen af 2BM’s konsulent Troels Lindgård i Berlingske. Se hvad der er med Berlingske i en e-paper...

Håndtering af Persondata i SAP og tilknyttede systemer

Håndtering af Persondata i SAP og tilknyttede systemer   Der er i dag mindre end 2 år til at forberede organisationen til at overholde EU...

SAP & General Data Protection Regulation (GDPR)

SAP & General Data Protection Regulation (GDPR) With about one year left before all organizations must abide by the new EU General Data...

Webinar – SAP GDPR Compliance

Comply with the GDPR for data retention with SAP Information Lifecycle Management, which is now license free. Join our 1-hour webinar to learn the different approaches on how to streamline your IT infrastructure and minimize risk by controlling your data in SAP.

Webinar – HCM GDPR Compliance in SAP and SuccessFactors

GDPR Compliance with SuccessFactors Privacy Center. Many companies are struggling to become GDPR compliant before the deadline – 25 May 2018. Join this webinar to hear how we are helping our customers become GDPR compliant.

Webinar – GDPR House Cleaning in SAP HR

Join this webinar to learn the tricks on how to get started on house cleaning – get immediate value of your GDPR activities. It is a GDPR Requirement that personal data that is no longer needed for the primary processing purpose must be deleted – unless there are other retention periods defined by law or contract, in which case, the data has to be blocked.

35 55 55 75