Various types of customer data are processed by and stored on the integration platform at different times. This data gets the highest level of protection, and SAP takes dedicated measures to guarantee this security level.
Governments place legal requirements on industry to protect data and privacy. We provide features and functions to help you meet these requirements.
We assume that software operators, such as SAP customers, collect and store the consent of data subjects, before collecting their personal data. A data privacy specialist can later determine whether data subjects have granted, withdrawn, or denied consent.
Read Access Logging
Read Access Logging is used to monitor and log read access to sensitive data. Data may be categorized as sensitive by law, by external company policy, or by internal company policy. Read Access Logging enables you to answer questions about who accessed particular data within a specified time frame. Such questions could be:
Who accessed the data of a given business entity, for example, a bank account?
Who accessed personal information, such as health data?
Who accessed personal data of accounts or business partners?
A tenant administrator can display audit logs for a tenant using the Monitoring application of the Web UI (under Manage Security in the Audit Log tile).
Additionally, within SAP, audit logs can be displayed for teams in charge of maintaining the virtual cloud environment and to analyze and resolve error situations. Audit logs related to different customers are separated from each other (according to the tenant isolation feature).
Note: SAP Cloud Platform Open Connectors does not store or retain this type of sensitive user information such as credit card, health or personal data.
More information: Security-Relevant Logging and Tracing
An information report is a collection of data relating to a data subject. A data privacy specialist may be required to provide such a report or an application may offer a self-service. SAP Cloud Platform Open Connectors assumes that software operators, such as SAP customers, can provide such information.
Erasure of Personal Data
When handling personal data, consider the legislation in the different countries where your organization operates. After the data has passed the end of purpose, regulations may require you to delete the data. However, additional regulations may require you to keep the data longer. During this period you must block access to the data by unauthorized persons until the end of the retention period, when the data is finally deleted.
Data stored on the SAP Cloud Platform Open Connectors platform is only stored for a limited time period (referred to as retention time).
For more information on the retention times for the various kinds of data stored by SAP Cloud Platform Open Connectors, see Specific Data Assets.