SAP Open Connectors

Data Protection and Privacy Overview

Various types of customer data are processed by and stored on the integration platform at different times. This data gets the highest level of protection, and SAP takes dedicated measures to guarantee this security level.

General Information

Governments place legal requirements on industry to protect data and privacy. We provide features and functions to help you meet these requirements.

User Consent

We assume that software operators, such as SAP customers, collect and store the consent of data subjects, before collecting their personal data. A data privacy specialist can later determine whether data subjects have granted, withdrawn, or denied consent.

Read Access Logging

Read Access Logging is used to monitor and log read access to sensitive data. Data may be categorized as sensitive by law, by external company policy, or by internal company policy. Read Access Logging enables you to answer questions about who accessed particular data within a specified time frame. Such questions could be:

  • Who accessed the data of a given business entity, for example, a bank account?

  • Who accessed personal information, such as health data?

  • Who accessed personal data of accounts or business partners?

A tenant administrator can display audit logs for a tenant using the Monitoring application of the Web UI (under Manage Security in the Audit Log tile).

Additionally, within SAP, audit logs can be displayed for teams in charge of maintaining the virtual cloud environment and to analyze and resolve error situations. Audit logs related to different customers are separated from each other (according to the tenant isolation feature).

Note: SAP Open Connectors does not store or retain this type of sensitive user information such as credit card, health or personal data.

For more information about audit logs, click here.

Information Report

An information report is a collection of data relating to a data subject. A data privacy specialist may be required to provide such a report or an application may offer a self-service. SAP Open Connectors assumes that software operators, such as SAP customers, can provide such information.

Informing Data Subjects about Personal Data Stored 

Applications that store personal data provide a retrieval function used to report or display personal data stored about the data subject. By default, this function contains any data that is foreseen as personal data about the data subject to be stored by SAP Open Connectors. This functionality is provided in order to view the extracted data in an intelligible way, and to download the extracted data in a structured, commonly used, and machine-readable format. Personal data can be read, altered, or removed using the Audit Logs and Activity APIs. Access to the function is restricted by adequate authorizations.

Erasure of Personal Data

When handling personal data, consider the legislation in the different countries where your organization operates. After the data has passed the end of purpose, regulations may require you to delete the data. However, additional regulations may require you to keep the data longer. During this period you must block access to the data by unauthorized persons until the end of the retention period, when the data is finally deleted.

Data stored on the SAP Open Connectors platform is only stored for a limited time period (referred to as retention time).

For more information on the retention times for the various kinds of data stored by SAP Open Connectors, click here.

Changes to Personal Data can be Logged

Whenever personal data is read, altered, or removed, the action and the actor can be verified later. The SAP Open Connectors platform ensures this by using Activity or Audit Logs APIs.