As an ERP solution, SAP Business One, or SAP B1, has been compliant with the European Union’s General Data Protection Regulation (GDPR) since 2018. Under this regulation, consumers have complete control and privacy over their personal data. No organization can store the consumer’s personal information without explicit consent.
With the SAP B1 data protection feature, organizations can easily:
- Identify personal data by identifying the user, consumer, or individual
- Manage which data types can store personal business data
- Remove personal data or information from the ERP system
- Block or unblock user access to personal data
- Generate reports about stored personal data
This blog will discuss how organizations can implement SAP B1 data protection.
What is Personal Data in SAP B1?
Before discussing SAP B1 data protection, let’s first understand how SAP B1 defines personal data. Not every piece of data is considered personal data.
The SAP B1 tool uses data categorization to classify and manage personal data. By definition, any personal or sensitive data is classified as personal data. Hence, SAP B1 must properly classify various forms of data to identify and store personal data.
Next, let’s discuss the various types of personal data in SAP B1.
Types of Personal Data in SAP Business One
SAP Business One classifies data as personal, non-personal, and sensitive personal data. Examples of sensitive personal data include credit card numbers, bank accounts, passport numbers, or user-defined fields linked to any personal data.
In SAP Business One, sensitive personal data is automatically encrypted. Additionally, access to this data is restricted and available only to selected users. Data encryption and access restrictions are removed when the data category is changed from “sensitive personal” to “personal.”
Authorized users can view personal data in the “Personal Data Management” window of SAP B1. Let’s explore this functionality in the next section.
Using the Personal Data Management Functionality in SAP B1
With the Personal Data Management functionality, organizations can identify personal data for their use. You can open this window from the SAP Business One main menu by clicking Administration > Utilities > Data Protection Tools > Personal Data Management.
The “Personal Data Management” window displays the data type and other fields that may contain personal data. Additionally, it may display user-defined fields that are connected to personal data objects. You can use the “Data Classification” column to change individual data items from “personal” to “non-personal” or vice-versa.
Additionally, SAP Business One features the Personal Data Management wizard to connect personal data to an individual or person. Let’s see how in the following section.
Using the Personal Data Management Wizard in SAP B1
With the Personal Data Management Wizard, organizations can identify the natural persons, or individuals, whose personal data must be protected. In SAP B1, natural persons are real human beings and differ from entities like corporations, business partners, employees, and users.
You can open this wizard from the SAP Business One main menu by clicking Administration > Utilities > Data Protection Tools > Personal Data Management Wizard. With the “Personal Data Management” wizard, you can perform a series of steps by clicking Next on each step. In step 2, “General parameters,” select the “Determine natural persons” action to identify natural persons in SAP B1.
In the following third step, “Selection Criteria,” you can search SAP B1 for natural persons. The search results are displayed in the provided table (under the respective tabs). Besides determining the natural persons, you can use the “Personal Data Management” wizard to perform the following tasks:
- Reverse the identification of natural persons in SAP B1
- Create reports on the personal data of natural persons in SAP B1
- Erase the personal data of natural persons in SAP B1
- Block (or unblock) the access to personal data of natural persons in SAP B1
How does SAP B1 protect data classified as “sensitive personal?” Let’s discuss that in the following section.
Securing Sensitive Personal Data in SAP Business One
SAP Business One classifies the following data as “sensitive personal:”
- Identification cards issued by authorities
- Passport number
- Domestic and international bank account numbers of business partners
- Employee bank accounts
- Social security numbers
- User-defined fields
Sensitive personal data is, by default, encrypted in SAP B1 and hidden from the view of all users. Authorized users can view this data by right-clicking the fields and selecting to view the data. This right-click action is logged and recorded in the Sensitive Personal Data Access log file.
With this log file, organizations can track which users have accessed sensitive personal data in SAP Business One. Additionally, sensitive personal data can be viewed in the Personal Data Protection wizard through the Personal Data Reports action.
You can open the Sensitive Personal Data Access Log from the SAP Business One main menu by clicking Administration > Utilities > Data Protection Tools > Sensitive Personal Data Access Log. From the Log window that appears, you can select individual users from the log to check which data objects were accessed – along with the data subject, access time, and access method.
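As an added example (not part of the original post and not SAP code), the following Python sketch shows one way to review such a log periodically. It assumes the log entries have been exported to CSV; the column names, user names, and rows are constructed for illustration and only mirror the fields the log window shows.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export. The column names mirror the fields the log window
# shows (user, data object, data subject, access time, access method); the CSV
# layout itself is an assumption, not SAP Business One's export format.
SAMPLE_LOG = """user,data_object,data_subject,access_time,access_method
hr_anna,Employee Master Data: Passport No,E0012,2024-03-04 10:15:00,View
hr_anna,Employee Master Data: ID No,E0012,2024-03-04 10:16:30,View
fin_raj,Business Partner Master Data: ID No. 2,C2001,2024-03-04 14:02:10,View
sales_li,Employee Master Data: Passport No,E0012,2024-03-04 23:41:05,View
sales_li,Employee Master Data: Passport No,E0019,2024-03-04 23:42:40,View
sales_li,Employee Master Data: Passport No,E0023,2024-03-04 23:44:12,View
sales_li,Employee Master Data: ID No,E0031,2024-03-04 23:45:55,Personal Data Report
"""

def review_access_log(text, max_subjects=3, work_start=8, work_end=18):
    """Return {user: [reasons]} for users whose access pattern needs review."""
    subjects = defaultdict(set)      # user -> distinct data subjects viewed
    off_hours = defaultdict(int)     # user -> accesses outside working hours
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(row["access_time"], "%Y-%m-%d %H:%M:%S")
        subjects[row["user"]].add(row["data_subject"])
        if not work_start <= when.hour < work_end:
            off_hours[row["user"]] += 1
    findings = {}
    for user in subjects:
        reasons = []
        if len(subjects[user]) > max_subjects:
            reasons.append(f"{len(subjects[user])} distinct data subjects")
        if off_hours[user]:
            reasons.append(f"{off_hours[user]} accesses outside working hours")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in review_access_log(SAMPLE_LOG).items():
        print(user, "->", "; ".join(reasons))
```

The thresholds (`max_subjects`, working hours) are placeholders to tune against the access each role legitimately needs.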
Apart from these SAP B1 data security features, this ERP tool also features Personal Data Protection functionality. Let’s learn more in the following section.
Personal Data Protection Functionality in SAP Business One
The Personal Data Protection functionality in SAP Business One has more features and secures more personal data than the “Personal Data Protection Management” feature. With Personal Data Protection, organizations can automatically encrypt and restrict the editing of data across many fields. For instance, it can encrypt data in the following fields:
- The “ID No” field on the Personal tab of the Employee Master Data window.
- The “Passport No” field on the Personal tab of the Employee Master Data window.
- The “ID No. 2” field on the General tab of the Business Partner Master Data window.
The viewing and modification of encrypted data are controlled using Authorizations. Based on the authorization settings for each user, personal data can be viewed or edited. Here are the three main authorization settings:
- No Authorization: This is the default setting for most users. In this setting, data can be viewed in encrypted form and cannot be changed.
- Read Only: In this setting, data can be viewed in unencrypted form but cannot be changed.
- Full Authorization: With this setting, the user has complete authorization to view and change the data.
You can change the authorization settings from the SAP Business One main menu by clicking Administration > System Initialization > Authorizations > General Authorizations > General > Access to Masked Data.
Conclusion
By using the SAP B1 data protection functionalities, organizations can secure personal data and comply with industry regulations like GDPR. As is evident, SAP Business One supports all data privacy and security requirements specified by GDPR.
Since its inception, Praxis Info Solutions has closely partnered with customers to understand their ERP requirements. With our advanced expertise in SAP Business One, we can help you fully leverage the various capabilities of this ERP tool. Read our blog on how SAP B1 add-ons can benefit your business.
If you want to know more, we can arrange a free product demo for your team. Contact Us for a product demo.