Have you ever heard of a data subject request (DSR)? It is a request to know where and how our personal data is processed. In fact, every citizen has the ability to make a request for a copy of their personal data for any purpose.

The meaning of a data subject request (DSR)

The data subject request as a legal category has appeared according to the European Data Protection Regulation (GDPR). Thus, through this request, each interested party can request a copy of their personal data from the owner. Several platforms offer this option, usually in the Privacy menu. But are privacy and personal data the same thing? Let’s take a look together as an example on different platforms. Starting with the SAP Universal ID platform. Through the Privacy menu, you can request a revocation of your data (another right introduced by GDPR) and also request a copy of your data “Request Data Export.” Universal ID -> SAP (features present in SAP Universal ID) You can also do the same extraction on other platforms, such as Google. In the Google account settings, through the menu “Data and Privacy,” you can “Download your data.» Also, Facebook offers, of course, the same feature in the menu “Your information on Facebook” – “Access your information.” But what do we find in this report? There is no generic and standard form; each platform often has different ways of providing this data. A ZIP archive with all the data grouped into folders or not, additional data in more technical formats like XML. And the best solution for comprehensive data privacy management will help to develop Ethyca DSR.

Should data subject queries also be executed in SAP?

If there is stakeholder data, you need to determine how to handle this request that may come in. But by whom? By employees, suppliers, or customers. Clearly, in the latter cases, they must be individuals. If your company’s business is entire “business to business,” that is, with respect to companies, you will probably need to manage this request only for your employees. If your customer or supplier data is stored in SAP systems as individuals, you will need to activate the procedure for them as well.

What to do in SAP if I rollback in the cases described above

There are several scenarios that can be explored. This can also occur because of the complexity of the systems and the amount of data that needs to be extracted. In some SAP systems, for example, only the SAP ERP management system is very limited (hence only one system, the stakeholder data is in very specific tables). In other, more complex scenarios, data subjects’ data is “scattered” across multiple SAP systems. ERP, for example, is not necessarily one. In the case of utilities in IS-U (Industry Solutions Utility) systems or in CRM (Customer Relationship Management) or SRM (Supply Relationship Management) systems, on-premises or in the cloud. Technological aspects can also clearly have an impact. Especially in a hybrid situation where some systems are on-premises, and others are in the cloud.