SAP SE announced new and updated features to the SAP® SuccessFactors® HCM Suite that will make it easier for HR leaders worldwide to comply with data protection and privacy laws. The announcement was made at the 2018 UNLEASH Conference & Expo, taking place March 20 and 21 at the ExCel London.
The European Union’s General Data Protection Regulation (GDPR) will apply as of May 25, and with advanced data protection and privacy capabilities within the SAP SuccessFactors solutions, customers can adopt better personal data* management and governance.
“We’re committed to helping customers adhere to data protection and privacy regulations, and protect the confidentiality, integrity and availability of their data in our highly regulated world,” SAP SuccessFactors President Greg Tomb said. “We’ve addressed previous regulations by standing up data center operations in countries like Russia and Brazil. With GDPR now on the horizon, we’re supporting customers in their compliance journey by providing tools that not only help them comply with these laws, and thereby avoid losses and exposure to fines, but also improve governance. Most important, we are helping organizations create value by earning and sustaining trust with employees and candidates.”
By enhancing existing product features and adding new capabilities, SAP SuccessFactors solutions support customers in properly handling and protecting sensitive employee, candidate and customer data. Updates include a variety of features designed to protect personal data, whether or not the person concerned remains with the organization:
• Consent management — Certain data privacy laws, including the GDPR, require companies to obtain explicit consent from individuals to store or process personal data. This feature can be used throughout the consent process to configure and manage consent statements and acceptance. For example, recruiters can define consent statements in all languages in which a company operates and require candidates to accept the consent statement prior to applying for a position.
• Data blocking — This feature can be used to restrict access to historical, personal data within the retention period, and allows one user role to retain access to the data, while blocking access for others. For example, an HR service center employee fielding questions from employees may only need to see employee data going back one year, whereas an HR system administrator may need to see all history on the employee.
• Data subject info reporting — Companies store all kinds of personal data on their employees as well as external candidates, from information such as name and address to health data and the results of performance reviews. This feature enables customers to generate a report containing all of an individual’s personal data available across SAP SuccessFactors solutions. It supports individuals’ right to information, allowing them to know what personal information is being stored at any time.
• Data purge — The amount of personal data stored and processed by an organization is significant. Keeping this data longer than needed for business purposes increases a company’s risk of noncompliance and data breaches. Purging (permanently deleting) data once there is no longer a legal reason for keeping it is a requirement of some data protection and privacy laws, including the GDPR. To better comply with specific countries’ and industries’ data retention rules, this feature allows customers to define location-specific data retention regulations and to permanently delete data thereafter.
Globalization and digital disruption are pressuring businesses of all sizes to rely on their people to drive organizational agility and thrive in times of change. Over 6,400 customers in 193 countries rely on industry-leading SAP SuccessFactors solutions to support their efforts in complying with global and local data protection and privacy requirements, such as the General Data Protection Regulation, and to help attract, develop and retain the best people — tapping into their full potential and meaningfully connecting them to the company’s purpose and mission. Because purpose drives people, and people drive performance.
*Personal data is defined here as data that can be used to identify a natural person – this could be an employee, a candidate, an external learner, or a customer, for example.