Archive with ILM interface - the EU GDPR can come
With SAP ILM, companies have a tool - and certain modules are license-free - for implementing the requirements resulting from the EU GDPR. The condition, however, is that they also use an archiving system that has implemented the ILM interface.
The EU GDPR, which is intended to harmonize data protection law across the EU, is currently kicking up a lot of dust. One thing is certain: when it comes into force in May 2018, new, stricter rules will apply as far as the processing of personal data is concerned.
According to a recent study by Ovum on behalf of Interlinks, more than 50 percent of German companies do not consider themselves sufficiently prepared for the new rules.
You can be reassured insofar as we are dealing here first and foremost with data from HR management, specifically SAP HCM. The actual need for action under the GDPR is therefore focused on the personnel system, because the data there is personal by definition.
EU GDPR helps SAP ILM achieve a breakthrough
SAP HCM is therefore the core challenge. With SAP Information Lifecycle Management (ILM), a tool is available to securely implement the requirements of the EU GDPR.
SAP originally designed ILM to support system shutdowns and implement retention management during ongoing operations.
If decommissioning works, why not use SAP ILM during ongoing operations? There is nothing technically wrong with this; it's just that SAP users have hardly ever practiced it in the past.
The EU GDPR now opens up a genuine field of application in the HCM area. SAP ILM is available to existing SAP HCM customers for archiving objects in the area of personal data as of release EA-HR 604.
And since SAP ILM for HCM is available from ERP 6.0 Enhancement Package 4 and is already included in the ERP license, the number of users is also growing steadily.
SAP ILM can be used to check whether HR data is processed and stored in SAP HCM processes in accordance with purpose limitation and data minimization.
Retention periods and lock indicators (legal hold) can be set on stored SAP documents to enable automatic deletion at a later date, and users, roles and access rights can be set up and administered.
Data archiving is a mandatory requirement for the use of SAP ILM, since both the contents of the SAP databases and the unstructured data in archives are affected. The objects must be extracted from the SAP database and sent to archiving so that they can be deleted at the appropriate time.
Technical knowledge for ILM implementation
For this, companies need an archive that has implemented the ILM 3.1 interface and is certified for it. As one of the few archive providers, KGS is certified for this interface and has already carried out extensive projects in the ILM environment - at large industrial companies and federal authorities - from decommissioning to retention management.
KGS contributes its knowledge here on the technical side, while an HCM consultant is in turn required for the functional component and customizing. In addition to functional issues, technical ones must also be taken into account.
The storage system in particular is coming into focus. Here, Article 32 (1b) of the GDPR is of interest to users of an existing system. It deals with the "resilience" of the storage, but does not explain this term in more detail.
Fast LTA concludes that the resilience requirement poses primarily strategic challenges for enterprises and data protection officers. These would have to ask themselves whether disaster recovery and business continuity strategies are in place and whether backup hardware and software have been selected with these considerations in mind.
Conclusion
The EU General Data Protection Regulation affects more data than the data managed in SAP HCM. But HCM data and documents are all personal and are therefore a good starting point for a GDPR project.
With SAP ILM, a software solution is already available today that will meet the coming requirements - provided that an ILM-capable archiving and storage system is in place.