cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Business ByDesign: Data Retention and Residence Periods

former_member649331
Discoverer

Dear experts,

With the 1911 release came the introduction of the Information Lifecycle management work center. While configuring the data retention and residence periods in the business configuration overview I come across some difficulties. Difficulties which I cannot find the answers that I’m looking for on the SAP blogs and/or help library, so hopefully I can get help via this communication channel. I run into the following difficulties/questions:

  1. For group 01 (Financial and Tax Audit Relevant) and group 2 (Legal and Process Relevant) I am unable to change the retention periods. Shouldn’t I be able to set these retention periods? At least for group 2, correct?
  2. When the retention period ends and documents are marked for deletion but not yet deleted. Where do these documents get stored? And how am I able to access them?
  3. For some rules, in the group early lifecycle data for example, I’ve made an exception in retention period, let’s say 1 year instead of 3 year. Is there a valid and consistent way to test this configuration?

Help is much appreciated, thanks in advance.

Dorrus Steenbakkers

Accepted Solutions (1)

Accepted Solutions (1)

JanMatthes
Advisor
Advisor
0 Kudos

Hi Dorrus,

thanks a lot for your questions and probably also for reading my blogs .;o) (see links below). Here are my answers:

  • Question 3: Yes, it is absolutely fine to create own retention groups and to move rules from one of the sap predefined groups into this new group. The analysis run will apply those residence and retention periods accordingly. In addition you can also manually override the retention settings for selected business documents (e.g. a long running project).
  • Question 2: Documents after residence or retention period stay in the system but change to "read-only" as soon the residence period is over. Only e.g. if a natural person requests the deletion the data gets finally deleted from the system. As usually partial data might still be needed for other legal reasons or because the process is not yet finished this data might not be deleted. In order to avoid that the master data of a natural person can be used for new transactions or as part of reports you can mark the natural person as "blocked for usage". This will hide the master data for normal business users (except for still running processes)
  • Question 1: Setting the retention periods for group 1 and 2 is only possible on request as we want to closely monitor the usage of the capability. From our point of view using the groups 3 and 4 is a very good starting point as it allows to delete the most critical data for natural persons.

Cheers

Jan

Configuration:

https://blogs.sap.com/2019/10/29/configure-information-lifecycle-for-data-privacy-management-in-sap-...

General Overview & demos:

https://blogs.sap.com/2017/09/05/what-is-gdpr-eu-dsgvo-and-how-does-sap-business-bydesign-manage-dat...

ChrisWarken
Participant
0 Kudos

Dear Jan,

thanks for this helpful answer. As far as I understand we need to set the customer to "obsolete" and start a "Blocking Run" afterwards to fulfill GPR guidelines. Then the Businesspartner will not be shown in the system anymore and is blocked for further usage. In the background the user still exists with status "obsolete", does it (view Business Partners in ILM work center)?

What is the difference to the status "blocked" that can be set alternatively for businesspartner BO?

Kind regards
Christian Warken

Answers (2)

Answers (2)

former_member649331
Discoverer

Thank you for your reply Jan!

JanMatthes
Advisor
Advisor
0 Kudos

Hi Christian,

the blocking run does the same action that can be done by manually blocking a business partner for usage. The difference is that it acts periodically on multiple business partners.

BTW: As I have left the ByD team further questions might be answered by my ByD colleagues
Cheers

Jan