公开(公告)号：US10430413B2

公开(公告)日：2019-10-01

申请号：US15070812

申请日：2016-03-15

Applicant: SAP SE

Inventor： Bjoern Christoph ,  Marco Valentin ,  Carsten Pluder ,  Volker Lehnert ,  Johannes Gilbert

IPC: G06F16/2455 ,  G06F16/248 ,  G06F16/28 ,  G06F16/22

Abstract: A data information framework collects related data sharing characteristics (e.g., personal information, others) revealed by associated purpose information, and reports on that data. The location of the data is not restricted, and can be collected from various locations (e.g. different databases on different computer systems). An engine implements data creation defining links between different stored data structures (e.g., tables) using specific fields. A plurality of tables may be grouped into a smaller number of table clusters to facilitate constructing the data model. The model may be evaluated, enhanced, and/or corrected (e.g., by a user). The model may include fields reflecting the purpose information for the stored data, said fields accessible by the engine during data handling processes. The data model may include descriptions providing data storage location. Purpose information may be mapped to table fields. Field descriptions may be based upon purpose information, with some field values having intelligible text.

公开(公告)号：US12164470B2

公开(公告)日：2024-12-10

申请号：US17457811

申请日：2021-12-06

Applicant: SAP SE

Inventor： Benny Rolle ,  Ufuoma Ighoroje ,  Matthias Vogel ,  Geetha Gopalakrishnan ,  Tobias Schmidt ,  Antsa Andriamboavonjy ,  Dharshan A ,  Carsten Pluder

IPC: G06F21/62 ,  G06F16/11 ,  G06F16/25 ,  H04L67/566

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving, from a requesting application in a landscape that includes a set of multiple applications, a data subject information request for a data subject. A set of target applications is determined from the set of multiple applications. The data subject information request is provided to each target application in the set of target applications. A data subject information response is received from each of the target applications. Each data subject information response includes application data for the data subject that was retrieved by a respective target application in response to the data subject information request. The received data subject information responses are aggregated to generate an aggregated data subject information response. The aggregated data subject information response is provided to the requesting application in response to the data subject information request.

公开(公告)号：US12079358B2

公开(公告)日：2024-09-03

申请号：US17457827

申请日：2021-12-06

Applicant: SAP SE

Inventor： Ufuoma Ighoroje ,  Benny Rolle ,  Matthias Vogel ,  Carsten Pluder ,  Karl Tillmann Rendel

IPC: G06F21/62 ,  G06F16/903

CPC classification number: G06F21/6218 ,  G06F16/90335

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes sending a block command for an object to each application in a multiple-application landscape that includes a master data distribution application. A blocking status is received from each application that indicates whether the application successfully blocked the object in response to the block command. An overall blocking status is determined based on the received blocking statuses. In response to determining that at least one application failed to block the object, an unblock command is sent to each application. An unblocking status is received from each application and an overall unblocking status is determined. In response to determining that at least one application failed to unblock the object, a redistribution request is sent to the master data distribution application to redistribute the object to applications that failed to unblock the object.

公开(公告)号：US20170091479A1

公开(公告)日：2017-03-30

申请号：US14871390

申请日：2015-09-30

Applicant: SAP SE

Inventor： Carsten Pluder ,  Dinesh Ravindran ,  Alain Bacchi

IPC: G06F21/62 ,  G06F17/30 ,  H04L29/06

CPC classification number: G06F21/6227 ,  G06F17/30085 ,  G06F21/6236 ,  G06F21/6245 ,  H04L63/0407 ,  H04L63/102 ,  H04L63/108

Abstract: Embodiments described herein relate to an improved technique for blocking access to data records associated with an entity in a network comprising a plurality of systems. The operations include accessing and analyzing determination criteria associated with the entity to determine in which systems the data should be blocked. An end-of-purpose determination can be performed in one or more of the systems based on whether the current system is a master system, a dependent system of the master system, or a standalone system of the plurality of systems. Access to the entity data records can then be blocked from the appropriate systems when an end of purpose for the data has been reached for any processes running on the system.

公开(公告)号：US20160350339A1

公开(公告)日：2016-12-01

申请号：US14727838

申请日：2015-06-01

Applicant: SAP SE

Inventor： Volker Lehnert ,  Carsten Pluder

IPC: G06F17/30

CPC classification number: G06F16/217 ,  G06F16/21 ,  G06F16/2379 ,  G06Q10/10

Abstract: Various embodiments of systems and methods to determine data retention rules for data entities are described herein. In one aspect, the data entities are obtained. Usage statuses of the data entities are determined. One or more purpose of data corresponding to the one or more data entities is received. Further, legal entities corresponding to the one or more data entities are identified based on line organization attributes and the usage statuses. Process object attributes associated with the one or more data entities are identified based on the legal entities. Retention rules for the one or more data entities are determined based on the one or more purpose of data, the legal entities and the process object attributes.

Abstract translation: 本文描述了确定数据实体的数据保留规则的系统和方法的各种实施例。 在一个方面，获得数据实体。 确定数据实体的使用状态。 接收与一个或多个数据实体对应的数据的一个或多个目的。 此外，基于线路组织属性和使用状态来识别与一个或多个数据实体相对应的法定实体。 基于法定实体来识别与一个或多个数据实体相关联的过程对象属性。 基于数据，法律实体和过程对象属性的一个或多个目的来确定一个或多个数据实体的保留规则。

公开(公告)号：US20250013778A1

公开(公告)日：2025-01-09

申请号：US18347029

申请日：2023-07-05

Applicant: SAP SE

Inventor： Benny Rolle ,  Stefan Hesse ,  Matthias Vogel ,  Carsten Pluder

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy protocols. One example method includes receiving information defining a purpose for processing personal data of a data category stored in an object. A first mapping is received of a processing action to the purpose. Input data to be obtained for the processing action is identified. A determination is made as to whether the input data is of the data category that has been mapped to the purpose. The processing action is executed using the input data as purpose-based processing of the input data, in response to determining that the input data can be used during execution of the processing action for the purpose. Processing of the input data by the processing action is prevented, in response to determining that the input data cannot be used during execution of the processing action for the purpose.

公开(公告)号：US20220277023A1

公开(公告)日：2022-09-01

申请号：US17186934

申请日：2021-02-26

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Carsten Pluder ,  Ufuoma Ighoroje ,  Carlo Fuerst ,  Iwona Luther

IPC: G06F16/27

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

公开(公告)号：US20190005210A1

公开(公告)日：2019-01-03

申请号：US15636677

申请日：2017-06-29

Applicant: SAP SE

Inventor： Joerg Wiederspohn ,  Volker Lehnert ,  Carsten Pluder ,  Bjoern Christoph

IPC: G06F21/31 ,  G06F21/62 ,  G06F19/00 ,  G06Q50/24 ,  G06F19/28

CPC classification number: G06F21/31 ,  G06F21/6245 ,  G06Q10/10 ,  G06Q50/18 ,  G06Q50/24 ,  G16B50/00 ,  G16H10/60 ,  G16H40/20

Abstract: A consent management system (CMS) manages a number of individual consent data records of data subjects. The CMS stores predefined consent templates to be instantiated when an individual consent data record is created. The CMS represents a centralized system for management of individual consent data records that are created, stored, and maintained in relation to provided consent by data subjects for purposes of operations related to stored personal data records by associated application systems. The CMS may run on an on-premise, cloud, or personal device computing platform.

公开(公告)号：US12072993B2

公开(公告)日：2024-08-27

申请号：US17457797

申请日：2021-12-06

Applicant: SAP SE

Inventor： Ufuoma Ighoroje ,  Benny Rolle ,  Matthias Vogel ,  Carsten Pluder

IPC: G06F21/62 ,  G06F16/903

CPC classification number: G06F21/6218 ,  G06F16/90335 ,  G06F21/629

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.

公开(公告)号：US20230185938A1

公开(公告)日：2023-06-15

申请号：US17546351

申请日：2021-12-09

Applicant: SAP SE

Inventor： Diane Schmidt ,  Carsten Pluder

IPC: G06F21/62

CPC classification number: G06F21/6218

Abstract: Computer-readable media, methods, and systems are disclosed for providing purpose-based processing of data. A purpose agent assigns one or more purposes to a set of data such that access to the set of data may be restricted to a select few specifically authorized entities based on an assigned purpose. A retention period for storing the data is determined based on the assigned purpose. When the retention period expires the data is deleted from a data store.