Over 23 customers are already relying on the PROMOS data protection solution package

We were already well aware of the importance of data security for the acceptance of products and customer satisfaction long before the discussion around Germany’s coronavirus warning app. And we have observed in various industries this year that a well thought-out data protection concept is not simply a nice-to-have whose implementation may have been required across Europe through strict European Commission directives only to be waved though with a wink by lax national authorities. Inspections have been thorough, and the fines for violations have accordingly been high.

For these reasons, the PROMOS data protection solution package was already seeing booming demand at the beginning of the year. More than 23 customers are already using the solution. But what were the most convincing arguments that sealed their decision to implement the PROMOS solution? And what makes the PROMOS project approach so special? We take a look behind the scenes.

What does the EU-GDPR require companies to do?

The data protection solution package developed by PROMOS is based on the EU General Data Protection Regulation, whose implementation has been legally required in Germany, too, since 25 May 2018. It is based on two crucial pillars: the right to information and the right to be forgotten. Since the legal regulation came into effect, companies have been required to disclose information regarding data collection to individuals upon request and, if data on an individual has been collected, to provide the individual with a copy of the data relating to them. At the same time, companies are obligated to delete personal data as soon as the purpose of data storage no longer exists or when the affected person demands its deletion. Exceptions apply for statutory retention periods or, for instance, in the case of a legal dispute.

What are the advantages of a test phase prior to introducing the solution?

The dependable protection of personal data has always been a top priority for quality-conscious companies. The topic of data protection is nevertheless typically not a core competence for housing and real estate companies. To ensure compliance with the ambitious guidelines of the new data protection regulation in an uncomplicated manner, though, PROMOS has developed an automated solution for its implementation. The compact package is integrated into the existing SAP® system with modest consulting effort so that subsequent manual work steps are kept to a minimum. Already while introducing the solution, PROMOS follows the guiding principle of saving as many resources as possible. The best practice approach of PROMOS begins with presenting the customer with a prototype of the solution. In this initial proof-of-concept phase, a company can first experience the scope and functionality of the PROMOS data protection solution package in a test environment in order to decide whether the package should even be considered as a solution. This method additionally makes it possible to identify areas for adjustment or expansion for the potential live operation at a very early stage so they can then be implemented in the PROMOS standard in an uncomplicated manner. Compared to the SAP solution Information Lifecycle Management (ILM), the package from PROMOS is far more streamlined, which very quickly puts customers in a position to accommodate the legal requirements in a convenient, systematic and above all automated way.

Anonymisierungsprotokoll personenbezogener Daten im PROMOS Lösungspaket Datenschutz

Figure 1: A protocol shows that active business relationships and open items exist for the selected business partner, which makes an anonymisation not possible at the time of the check.

What elements comprise the data protection package from PROMOS?

The solution for implementation of the GDPR requirements is chiefly composed of two components. For one thing, business partner data from SAP® is automatically anonymised as soon as set retention deadlines are passed. An intermediate clean-up can also be performed once the purpose of the data storage lapses. For example, after a defined timespan following the end of a lease, the bank information of a former customer can be overwritten since no regular billing takes place anymore and the data is no longer needed. For another, the package contains a tool for the output of personal data. This enables the creation of both a technical overview and a print-friendly version of all relevant data to be sent to the customer.

The components of the PROMOS data protection solution package can be individually adjusted and expanded according to the wishes and requirements of the customer. It is possible to link it to a third-party system, for instance, or additionally implement a process anonymisation for easysquare workflow.

How can legal holds be mapped in SAP®?

So called legal holds represent special cases in many companies. This entails an individual extension of the legal retention mandate for documents and data for reasons such as a legal dispute. If there is a legal dispute with a customer, then the associated business partner data cannot be deleted at the end of the business relationship, of course. There is then a new purpose for retention of the personal data. A differentiated approach is recommended to control the storage or deletion in a targeted manner. PROMOS offers the opportunity to set an unlimited number of legal holds in SAP®. One legal hold can apply to exactly one business partner, for example, and another legal hold can affect that very same business partner and two additional contracts. In this way, it is possible to decide at a very granular level which business partner data should be anonymised and which should not. This allows companies to uphold their obligation to retain data just as conscientiously and consistently as their obligation to delete it.

Informationstechnologie und Immobilien (IT&I) Ausgabe Nr. 33 / April 2022

Would you like to receive our magazine regularly? 

Our specialist magazine “IT&I – Informationstechnologie und Immobilien” is published every six months and informs you about the background and basics of current topics, details about applications for the real estate industry and the latest IT developments relating to specialist topics for the real estate industry. Sign up for the online or the printed edition here!

What do we conclude from this?

The PROMOS data protection solution package is tailored to the special requirements of the EU GDPR. The basic structure is designed to allow for introduction in SAP® RE-FX for any company within even very short periods of time. The individual adjustment of a proven standard solution has established itself as a best practice over the past few years at PROMOS and is possible across industries. Additionally, the main advantage of anonymisation of personal data over its deletion, as is provided for in the standard EU GDPR from SAP (SAP® ILM), is that business data and its links to business partners is retained and can therefore still be analysed in the future. This is particularly beneficial in light of the enhanced options for analyses using SAP S/4HANA®.

Please wait