Data Protection
This section describes the specific features and functions that SAP provides to support compliance with the relevant legal requirements and data privacy.
Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries.
This section and any other sections in this Security Guide do not give any advice on whether these features and functions are the best method to support company, industry, regional or country-specific requirements. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-by-case basis and under consideration of the given system landscape and the applicable legal requirements.
| Term | Definition |
|---|---|
| Personal data | Information about an identified or identifiable natural person. |
| Business purpose | A legal, contractual, or otherwise justified reason for the processing of personal data. The assumption is that any purpose has an end that is usually already defined when the purpose starts. |
| Deletion | Deletion of personal data so that the data is no longer usable. |
| End of purpose (EoP) | A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is blocked and can only be accessed by users with special authorization. |

Some basic requirements that support data protection are often referred to as technical and organizational measures (TOM). The following topics are related to data protection and require appropriate TOMs:
- Access control: Authentication features as described in section User Administration and Authentication.
  For more information, see User Administration and Authentication.
- Authorizations: Authorization concept as described in section Authorizations.
  For more information, see Roles and Authorizations.
- Transmission control / Communication security: as described in section Network and Communication Security and General Security Aspects and Relevant Assets.
  For more information, see Network and Communication Security.
- Availability control as described in:
  - SAP NetWeaver Database Administration [SAP Library] documentation
  - SAP Business Continuity documentation in the SAP NetWeaver Application Help under
- Separation by purpose: Is subject to the organizational model implemented and must be applied as part of the authorization concept.


