In April 2016, the EU adopted a new law on the protection of personal data, the GDPR. Starting May 25, 2018, this law applies to all EU countries. Even though GDPR does not bring substantial new concepts to the current law, however, users who process personal data have more rules to comply with, such as:
1. Report and be able to inform individuals about the personal data they have stored about them
2. Allow right to be forgotten (deletion)
3. Allow traceability of personal data changes
4. Record users’ access to personal data

GDPR applies to companies that process personal data of individuals in the EU, regardless of the company’s headquarters.

SAP Business One 9.3 PL04 comes with a number of improvements to help companies comply with GDPR requirements:


Authorizations allow users to view, add, and update documents according to the ownership.a data definitions

Control and determine which individual (user) has access to a particular form, object, or single field in the interface.

You can restrict users’ access to documents and / or personal data.

Data Ownership

Data Ownership allows the company to control the information and documents found in the system, so that each user can only view / add / update on the clients and documents they own.

Manage data ownership by:

Documents: Permissions are defined per document.
Business Partners: document permissions are defined based on user access to partner’s file.
In version 9.3, this authorization level can also be handled at the workspace level.

Change Log Cleanup

A new option that allows users to clean up logs with changes to partners, documents, etc. to reduce the size of the company’s database (utility is available to users according to authorizations). This procedure allows companies that have long used SAP Business One to delete old data updates.

System Message Log

The Access Log window displays the access details for SAP Business One users who logged in and disconnected from one of the following: SAP Business One client and DI API.

This is an important option when fraudulent operations need to be analyzed, because the system logs the date, time, and the user logging in / logging.

Data Protection Tools

Configuring Confidential Data Management

Personal Data – Enhanced Change Log SettingsWays to define and classify personal data.

Personal Data – Enhanced Change Log Settings

New Objects in the Change Log: Activities, CECs, Service Contacts, Record Date, Time, and User Who Made the Change.

Personal Data Management

New functionality within the Personal Data Management Wizard that allows users, employees, partners and contacts to be identified as individuals, essential for data security under the GDPR.

Report personal data (at the request of a specific person)

Individuals have the right to contact any organization to request details about the personal data the organization stores and processes. The organization must submit a report, a report that collects the master data and transactions information in the system.

Delete personal data (irreversible)

New and very important option in the Personal Data Management Wizard to delete all personal data (by configuring Personal Data Management) of selected individuals, master data and transactions.

Deleting data from all affected transactions and master data will be replaced by ***

The status of the person whose personal data has been deleted will change to Erased.

This action is irreversible and must be taken after proper review and after verifying that all retention periods have expired and there is no legal obligation to hold the data of the individual.