Professional Documents
Culture Documents
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see for additional
trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with
respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein
should be construed as constituting an additional warranty.
SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related
presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies
at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and
uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied
upon in making purchasing decisions.
Version History
1 May 04th, 2018 Guide for Blocking and Deletion – Data Controller Rule Framework
SAP S/4HANA Cloud - Draft Version
2 May 07th, 2018 Guide for Blocking and Deletion – Data Controller Rule Framework
SAP S/4HANA Cloud - Final Draft Version
You use the Data Controller Rule Framework to ensure that personal data can be stored according to applicable legal
requirements and in compliance with general data privacy acts. Any personal data collected or processed is linked to a
predefined purpose. The data controller determines the purposes for which and the manner in which any personal data is
to be processed. Even after the residence periods (which represent the primary purpose for which the personal data was
initially stored) ends, personal data can still be retained for other explicit legal reasons. The reasons include retention
periods prescribed by law, statutes, or contracts. After the end of all retention periods, personal data shall be destroyed.
The Data Controller Rule Framework simplifies the maintenance of these residence periods and retention periods. It
provides the definition of purposes as reasons for storing personal data representing the used business processes and
the involved business objects. The definition of the data controller assigns the line organization attributes, which represent
the data controller in the system. The rule maintenance is based on the data controller and the purposes defined for a
data controller. The data controller and purposes are related to the data in the system as well as to the Information
Lifecycle Management (ILM) objects. The activation of maintained rules creates all the required ILM configuration and
policies for each assigned ILM object according to its individual settings.
A customer key user who is responsible for maintaining retention and residence rules will define these rules during the
initial preparation of the system and also later as and when any adjustment is needed.
Preparation
ILM Audit Area SAP_BR_DATA_PRIVACY_SPECIALIST Using this app, you can create new audit areas
and edit existing audit areas.
Data Controller Rule SAP_BR_BPC_EXPERT With this app, you can define the data controller,
Framework assign organization entities and set conditions for
the organization entities
SSCUI - Define data
controller
Data Controller Rule SAP_BR_BPC_EXPERT With this app, you can define a purpose, assign
Framework ILM objects to purpose, and maintain condition
fields. The purpose can be used when defining
SSCUI - Define purpose of
retention rules in SAP ILM or when providing
retention rules
information on personal data.
Data Controller Rule SAP_BR_BPC_EXPERT With this app, you can set the default time
Framework reference and time offset for an ILM object. This
would be used in the rule generation for all ILM
SSCUI - Set time reference
policies.
and time offset
Data Controller Rule SAP_BR_BPC_EXPERT With this app, you can set the default audit area for
Framework the rule generator
SSCUI - Set default audit
area
Manage ILM Business SAP_BR_DATA_PRIVACY_SPECIALIST Using this app, you can create and edit ILM
Rules business rules.
1.2.1 Create and maintain default audit area for retention rule generation
Choose New. On the Audit Area: NEW screen, enter a name for the audit area which starts with Y
or Z, a description, and select the policy category Retention Rules.
Scroll down the list of ILM Objects until you see desired object. Include the object in this Audit
Area by selecting checkbox Object Assignment.
Choose Save.
Using search function, choose the default Audit Area for rule generation and save your changes.
To view the objects that are already available, choose Go. If the object for which you want to set up time reference is
already on the list, select the line and skip next step.
If the object you need is not yet available, choose the + icon on the Define Time Reference screen.
You will create two new purposes for data processing: sales of books and sales of tax advisory services.
The purpose represents a business process that groups ILM objects that relevant for the process. These ILM objects have
the same residence rules and retention rules. In our guide we will use object SD_VBAK (sales order).
Logon with the Business Role SAP_BR_BPC_EXPERT, choose Configure Your Solution app and
access configuration option Rule Generator. Choose Configure in line Define Purpose of
Retention Rules.
To view the purposes that are already available, choose Go. If the purpose for which you want to set up time reference is
already on the list, select the line instead of creating new purpose.
On the Define Purpose screen, choose the + icon to create the purpose.
Choose Add. On the ILM Object Condition Assignment tab, choose the field for Condition, and enter condition values in
the From and To fields. Choose Save and go back to the Configuration User Interfaces list.
You can repeat the steps and create another purpose, e.g. sales of tax advisory services, with the
same condition field (sals order type) but different condition value (order type L2).
Logon with the Business Role SAP_BR_BPC_EXPERT, choose Configure Your Solution app and
access configuration option Rule Generator. Choose Configure in line Define Data Controller.
You will create two new data controllers for two new entities: DE and US
With the Manage ILM Business Rules app, you can create, delete, edit, and display business rules. In this step, you create
new ILM business rules and simulate the results.
From the Information Lifecycle Management group, choose the Manage ILM Business Rules app.
You can repeat the steps and create another rule for sales of tax services, then create the rules
for data controller for another entity (US_DC).
From the Information Lifecycle Management group, choose the Manage ILM Business Rules app.
To see the status change from Draft to Active, choose Refresh after activation.
Choose the line of the DE_BOOKS rule.
On the next screen, go to the Generated Rules tab and to the rules that are automatically created.