Deletion of personal data in SAP

Deletion of personal data in sap


Deletion of personal data is one of the more challenging requirements that have come out of GDPR.

SAP’s best practice for deleting data is using Information Lifecycle Management (ILM). This works for Netweaver based systems. In SAP cloud products, relevant technical GDPR measures such as deletion are built in.

For most customers, the personal data in SAP are stored in the HR and CRM systems as well as FI, SD and MM modules, depending on how SAP is used. Some industry solutions like IS-U, could also contain personal data.

At 2BM, we have worked with companies of different sizes and industries as well as with different requirements to become GDPR compliant. Small and medium-sized businesses usually have less personal data and therefore smaller budgets for deletion than large enterprises have. Our overall approach is to assist in choosing the right combination of solutions when considering risks vs. costs – tailored to your business needs and ambitions.

Based on the experience from various projects, we often see customers using different methods to delete or anonymize personal data, depending on criticality, amount, and possibility for automation. Most companies utilize a mix of ILM, standard SAP deletion programs/clean up, as well as anonymization to delete personal data.

There are pros and cons for using the different methods which all involve risks and costs.

The deletion methods can overall be divided into the following groups:


Deletion of employee data in SAP HR/HCM

2BM has therefore enhanced the SAP standard deletion program for employees (RPUDELPP) in a tool named 2BM Employee Deletion.

2BM Employee Deletion is utilizing the SAP standard deletion program for employees (RPUDELPP) enhanced with a selection program which identify the specific employee data which could be deleted based on the deletion and retention rules set up.

What will it cost to delete the personal data in SAP?
This is the most common question when discussing deletion of personal data in SAP. Previously, there have been several costly ILM projects. 2BM’s experience combined with a full understanding of where different types of personal data are stored, enables us to provide you with a better understanding of the risks involved. A plan for deleting personal data is based on facts and risks, which make defining the appropriate scope with consideration of the costs is more tangible.

We offer all prospective clients a workshop to help you scope your deletion activity in SAP.

Related Events & News


Webinar – Subject Access Reporting in SAP

Join us for a 30 minutes webinar, going through how 2BM Subject Access Report for HR can help organizations speed up the process of delivering a Subject Access Report.

Webinar – GDPR House Cleaning in SAP HR

Join this webinar to learn the tricks on how to get started on house cleaning – get immediate value of your GDPR activities. It is a GDPR Requirement that personal data that is no longer needed for the primary processing purpose must be deleted – unless there are other retention periods defined by law or contract, in which case, the data has to be blocked.

Webinar – GDPR compliance in SAP

In a new series of 1-hr webinars, we will educate you in the different approaches to achieving GDPR compliance in SAP – including implementation approach.

Webinar – SAP GDPR Compliance

Comply with the GDPR for data retention with SAP Information Lifecycle Management, which is now license free. Join our 1-hour webinar to learn the different approaches on how to streamline your IT infrastructure and minimize risk by controlling your data in SAP.

Nordic SAP GDPR Conference 2019

Join us at the Nordic SAP GDPR Conference in Copenhagen. The conference will focus on insurance of continuous GDPR compliance in SAP. 15 sessions – speakers from 2BM, Danish Defense Intelligence, PwC, Onapsis/Virtual Forge and SAP.

Ny bestyrelsesformand til 2BM

En af de 100 vigtigste kvinder i Danmark blev den 23. april 2019 valgt som bestyrelsesformand hos SAP Konsulenthuset 2BM A/S: Caroline Søeborg Ahlefeldt, seriel iværksætter, CEO og bestyrelsesformand for Donkey Republic A/S og bestyrelsesmedlem hos Hartmanns A/S, Aarhus Universitet og Copenhagen Contemporary m.fl.

SAP & General Data Protection Regulation (GDPR)

SAP & General Data Protection Regulation (GDPR) With about one year left before all organizations must abide by the new EU General Data...

Webinar – SAP Personal Data Identification

Personal data identification is probably one of the most underestimated and complicated tasks to do in GDPR projects. Speed up the process with 2BM Data Discovery tool.

Webinar – HCM GDPR Compliance in SAP and SuccessFactors

GDPR Compliance with SuccessFactors Privacy Center. Many companies are struggling to become GDPR compliant before the deadline – 25 May 2018. Join this webinar to hear how we are helping our customers become GDPR compliant.

United VARs Annual Meeting 2019

The United VARs Annual Meeting is coming up, and we thought we would recap last year’s Annual Meeting!

Share This