SAP ILM – Solution to GDPR Data management

General Data Protection Regulation (GDPR) is a cumulative compliance requirement toward EU Data protection. It gives individual the control and protection of their personal data.

Any company that does business with European citizens – regardless of the location gets impacted with GDPR. It also applies to Natural persons, irrespective of their nationality or place of residence in the EU.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible on specific criteria.

There is no single SAP Solution for the GDPR compliance; however, combination of multiple compliance product stacks from SAP & SAP Partner extension can address the overall GDPR requirement.


Data management in accordance with GDPR has two critical requirements; Data retention and Right to be forgotten

  • “ Data retention ” requirement can be addressed by the standard SAP ILM feature, which defines policies, rules and destruction of qualified data at end of the retention period.
  • “ Right to Be Forgotten ”, means delete the data that has fulfilled the intended purpose and when deletion is not possible for data that are required for legal/compliance, then block the data to allow the Display access by the authorized person. SAP ILM blocking and deletion functionality addresses the requirement.