Basics of Data Privacy with CAP
Introduction
Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data protection and privacy acts, you need to consider compliance with industry-specific legislation in different countries.
SAP provides specific features and functions to support compliance regarding the relevant legal requirements, including data protection. SAP does not give any advice on whether these features and functions are the best method to support company, industry, regional, or country-specific requirements. Furthermore, this information should not be taken as advice or a recommendation regarding additional features that would be required in specific IT environments. Decisions related to data protection must be made on a case-by-case basis, considering the given system landscape and the applicable legal requirements.
CAP supports applications in meeting their obligations under data privacy regulations by automating tedious tasks as far as possible, driven by annotated models. Through annotations and configuration, CAP connects you to SAP BTP services that help you fulfill specific data privacy requirements in your application. The first of these is personal data management, realized with annotations and configuration together with the SAP Personal Data Manager service.
Indicate Personal Data in Your Domain Model
Use @PersonalData annotations to indicate the entities and elements in your domain model that will contain personal data.
TIP
Best practice is to keep these annotations in separate files, apart from the entity definitions they annotate.
See also: Using Aspects for Separation of Concerns.
Let's have a look at our sample.
Open the db/data-privacy.cds file, which contains our data privacy-related annotations.
```cds
// Proxy for importing schema from bookshop sample
using {sap.capire.bookshop} from './schema';

// annotations for Data Privacy
annotate bookshop.Customers with @PersonalData : {
  DataSubjectRole : 'Customer',
  EntitySemantics : 'DataSubject'
}
{
  ID           @PersonalData.FieldSemantics : 'DataSubjectID';
  emailAddress @PersonalData.IsPotentiallyPersonal;
  firstName    @PersonalData.IsPotentiallyPersonal;
  lastName     @PersonalData.IsPotentiallyPersonal;
  creditCardNo @PersonalData.IsPotentiallySensitive;
  dateOfBirth  @PersonalData.IsPotentiallyPersonal;
}

annotate bookshop.CustomerPostalAddress with @PersonalData : {
  DataSubjectRole : 'Customer',
  EntitySemantics : 'DataSubjectDetails'
}
{
  Customer @PersonalData.FieldSemantics : 'DataSubjectID';
  street   @PersonalData.IsPotentiallyPersonal;
  town     @PersonalData.IsPotentiallyPersonal;
  country  @PersonalData.IsPotentiallyPersonal;
}
```
It is important to annotate the data privacy-relevant entities as DataSubject, DataSubjectDetails, or Other.
You can annotate different CDS artifacts, such as entities or fields. The data privacy annotations work on different levels - from the entity level to the field level, as described below.
Entity-Level Annotations
Entity-level annotations indicate which entities are relevant for data privacy. The most important annotations are:
@PersonalData.EntitySemantics: 'DataSubject'
@PersonalData.EntitySemantics: 'DataSubjectDetails'
@PersonalData.EntitySemantics: 'Other'
| Annotation | Description |
|---|---|
| DataSubject | The entities of this set describe a data subject (an identified or identifiable natural person), for example, Customer or Vendor. |
| DataSubjectDetails | The entities of this set contain details of a data subject (an identified or identifiable natural person) but do not by themselves identify or describe a data subject, for example, CustomerPostalAddress. |
| Other | Entities containing personal data or references to data subjects, but not representing data subjects or data subject details by themselves, for example, customer quote, customer order, or purchase order with involved business partners. These entities are relevant for audit logging. There are no restrictions on their structure. The properties should be annotated suitably with FieldSemantics. |
❗ Data Subject and Data Object
For each personal data operation on a data object (such as a Sales Order), a valid data subject (such as a Customer) is needed. The application has to ensure that the link between data object and data subject, which is typically established by an annotation such as Customer @PersonalData.FieldSemantics : 'DataSubjectID';, is never broken. Semantically correct personal data operation logs can therefore only be written on top of a semantically correctly built application.
Make sure that the data subject is a valid CAP entity; otherwise the metadata-driven automatism will not work.
Key-Level Annotations
Key-level annotations indicate the corresponding key information.
@PersonalData.FieldSemantics: 'DataSubjectID'
This key information consists of the DataSubject (= person) and its identifiers, and the corresponding personal documents (such as Order, Consent, ...) and their identifiers. The latter is always captured implicitly, so you mainly have to specify the type and the key of the DataSubject.
Field-Level Annotations
Field-level annotations tag which fields are relevant for data privacy in detail.
@PersonalData.IsPotentiallyPersonal
@PersonalData.IsPotentiallySensitive
This allows you to manage the data privacy-related actions at a fine-granular level using only metadata definitions with annotations, without any need for implementation. In the sample above, the customer's name, email address, and date of birth are tagged as potentially personal, while the credit card number is tagged as potentially sensitive.
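To make the entity-, key-, and field-level annotations above concrete, here is an added example written for this page; it is not code from the capire documentation or from the CAP framework. It is a Node.js lint that walks a compiled CSN model and checks the wiring the sections above require: every DataSubjectDetails or Other entity must reach a valid DataSubject entity through an element annotated DataSubjectID, a DataSubject is identified by its key, and personal fields in an entity with no EntitySemantics are reported. The CSN literal is constructed by hand to mirror the bookshop annotations plus two hypothetical broken entities (Orders, Newsletter); the flattened '@PersonalData.*' keys and the cds.Association/target shape are assumptions about what cds compile --to json emits, and the names personalFields and lintPersonalData are mine.

```javascript
// Added example, not code from the capire page or the CAP framework: a lint
// over a compiled CSN model that checks the @PersonalData wiring described
// above. The CSN literal is CONSTRUCTED by hand to mirror the bookshop sample;
// the flattened '@PersonalData.*' keys and 'cds.Association' + 'target' shape
// are assumptions about what `cds compile --to json` emits.
const PD = '@PersonalData.';

const csn = {
  definitions: {
    'sap.capire.bookshop.Customers': {
      kind: 'entity',
      [PD + 'DataSubjectRole']: 'Customer',
      [PD + 'EntitySemantics']: 'DataSubject',
      elements: {
        ID:           { key: true, type: 'cds.UUID', [PD + 'FieldSemantics']: 'DataSubjectID' },
        emailAddress: { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
        firstName:    { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
        lastName:     { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
        creditCardNo: { type: 'cds.String', [PD + 'IsPotentiallySensitive']: true },
        dateOfBirth:  { type: 'cds.Date',   [PD + 'IsPotentiallyPersonal']: true },
      },
    },
    'sap.capire.bookshop.CustomerPostalAddress': {
      kind: 'entity',
      [PD + 'DataSubjectRole']: 'Customer',
      [PD + 'EntitySemantics']: 'DataSubjectDetails',
      elements: {
        ID:       { key: true, type: 'cds.UUID' },
        Customer: { type: 'cds.Association', target: 'sap.capire.bookshop.Customers',
                    [PD + 'FieldSemantics']: 'DataSubjectID' },
        street:   { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
        town:     { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
        country:  { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true },
      },
    },
    // Hypothetical broken entities (not in the sample): an 'Other' entity whose
    // DataSubjectID is a plain string, and an un-annotated entity with personal data.
    'sap.capire.bookshop.Orders': {
      kind: 'entity',
      [PD + 'EntitySemantics']: 'Other',
      elements: {
        customerEmail: { type: 'cds.String', [PD + 'FieldSemantics']: 'DataSubjectID' },
      },
    },
    'sap.capire.bookshop.Newsletter': {
      kind: 'entity',
      elements: { email: { type: 'cds.String', [PD + 'IsPotentiallyPersonal']: true } },
    },
  },
};

// Field level: which elements of each entity are tagged personal / sensitive.
function personalFields(model) {
  const out = {};
  for (const [name, def] of Object.entries(model.definitions)) {
    if (def.kind !== 'entity') continue;
    const personal = [], sensitive = [];
    for (const [el, e] of Object.entries(def.elements || {})) {
      if (e[PD + 'IsPotentiallyPersonal']) personal.push(el);
      if (e[PD + 'IsPotentiallySensitive']) sensitive.push(el);
    }
    if (personal.length || sensitive.length) out[name] = { personal, sensitive };
  }
  return out;
}

// Entity and key level: every data object must link to a valid DataSubject entity.
function lintPersonalData(model) {
  const defs = model.definitions;
  const errors = [], warnings = [];
  const inventory = personalFields(model);
  const isDataSubject = (n) =>
    !!defs[n] && defs[n].kind === 'entity' && defs[n][PD + 'EntitySemantics'] === 'DataSubject';
  for (const [name, def] of Object.entries(defs)) {
    if (def.kind !== 'entity') continue;
    const semantics = def[PD + 'EntitySemantics'];
    if (!semantics) {
      // Personal fields outside an annotated entity are invisible to the automatism.
      if (inventory[name]) warnings.push(`${name}: has personal fields but no EntitySemantics`);
      continue;
    }
    const idFields = Object.entries(def.elements || {})
      .filter(([, e]) => e[PD + 'FieldSemantics'] === 'DataSubjectID');
    if (idFields.length === 0) {
      errors.push(`${name}: no element annotated FieldSemantics 'DataSubjectID'`);
      continue;
    }
    for (const [el, e] of idFields) {
      if (semantics === 'DataSubject') {
        // Key-level annotation: a data subject is identified by its key.
        if (!e.key) errors.push(`${name}.${el}: DataSubjectID on a DataSubject must be a key element`);
      } else if (e.type !== 'cds.Association' || !isDataSubject(e.target)) {
        errors.push(`${name}.${el}: DataSubjectID must be an association to a 'DataSubject' entity`);
      }
    }
  }
  return { errors, warnings, inventory };
}

console.log(JSON.stringify(lintPersonalData(csn), null, 2));
```

Run it with node; for the constructed model it reports one error (Orders.customerEmail is not an association to a DataSubject entity) and one warning (Newsletter carries personal data but no EntitySemantics), and lists creditCardNo as the only sensitive field. On a real project, replace the literal with the parsed output of cds compile --to json, under the same assumption about its shape.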