Data Privacy Options for GDPR in SAP SuccessFactors

The implementation date for the European Union’s General Data Protection Regulation (GDPR) is imminent—May 25, 2018. In anticipation of this, SAP SuccessFactors has made a number of updates and highlighted features that allow its customers to comply with the regulations and give employees, candidates, and external partners “the right to be forgotten”—the overarching goal of GDPR.

In recent months, North American companies have come to realize that GDPR, while being an EU law, can still apply to them because it intends to protect EU citizens whether they are in the Eurozone or not. For SuccessFactors companies, that can mean past employees and candidates who have given personal information in the employment and application processes.

SuccessFactors Data Purging and Consent for GDPR

SAP SuccessFactors Data Purge GDPR
Data management interface in SuccessFactors.

A key piece in allowing people to be forgotten is erasing their information from enterprise systems. SuccessFactors has previously provided data purging functionality in its Recruiting module, and that is now expanded to all products in the suite.

The data purging functionality enables customers to identify purging rules on a country-to-country to basis. Some countries have different lengths of time required for keeping or erasing personal information.

Customers can also manage who is able to purge information. This is important because when purging data in SuccessFactors it is completely gone—it’s not even accessible on backup databases. So, decision to purge cannot be taken lightly.

There may also be situations where data needs to be purged in one application but kept in another for legal reasons. SuccessFactors allows for data that overlaps between modules to be treated differently based on its location.

Along with purging laws, GDPR also specifies areas in which individuals can provide consent on the storage and use of their data. In modules such as recruiting, onboarding, and learning, SuccessFactors has the functionality for employees and candidates to provide consent on who can view their data, possibly restricting it to only recruiters, for example. There’s also the ability for employees or candidates to revoke consent at any time, which will lead to the permanent deletion of that information.

GDPR data profile SuccessFactors
Finding a data subject report in SAP SuccessFactors

Reporting and Data Movement

As of the Q1 2018 release, SuccessFactors has simplified its reporting to meet GDPR needs. New reporting functionality allows for users to create a data subject information report to pull all data in the SuccessFactors system about an individual. With that, companies can provide the information they have on a person to them upon request.

Additionally, if data is moved from one provider to another—passed on from a recruiter to a trainer, perhaps—that information needs to be readable by a human per GDPR. It cannot be “1s and 0s”, for example. Data extracted from SuccessFactors can be replicated in a fashion that humans can understand.

Being Ready for EU Applicants

When a company posts a job, it doesn’t know who will apply for the position. That’s why it is important for North American companies, even those who don’t do business in the EU, to be ready for GDPR.

Cloud solutions like SuccessFactors provide the capability to more readily adapt to regulations, with quarterly updates and user-friendly configuration options. To make sure you are being compliant with GDPR, SAP partners like /N SPRO who know the software inside and out can help make sure the right functionalities are enacted and the proper processes are in place.

If you’d like help with GDPR, contact /N SPRO’s SuccessFactors support and sustainment team.