Working with Data Security in SAP Sports One

Data security is fundamental to protecting sensitive information from unauthorized access, corruption, or theft. With increasing digital threats, safeguarding data is not just a best practice but a legal requirement, especially under regulations like GDPR. Ensuring data security involves not only protecting the data itself but also controlling who accesses it and under what circumstances.

As a Data Security Officer, it’s critical to stay informed on the latest security standards and best practices for SAP Sports One to maintain a secure environment for personal and operational data. Here’s how you can access the latest security guidelines and take steps to ensure a secure operation.

For the most up-to-date security information, you can access the SAP Sports One Security Guide directly from the SAP Help Portal for SAP Sports One Implement. Alternatively, log into the SAP Sports One application, go to Data Security, and select Security Guide to view the latest guidelines and recommendations for securing data within SAP Sports One.

For additional security information, see the documentation for SAP Business Technology Platform (SAP BTP).

Retention policies are essential for ensuring compliance with data protection regulations, such as the European Data Protection Regulations (GDPR). They define how long personal data is retained and specify when it should be deleted, helping organizations minimize data security risks and meet legal obligations.

As a Data Security Officer, it is your responsibility to configure and enforce retention and deletion periods for personal data in SAP Sports One. Here’s how you can manage these policies in SAP Sports One.

With the role of Data Security Officer, navigate to Data Security > Retention Policies in SAP Sports One. In this overview, you can view a list of modules and their associated personal data. By default, retention policies for all modules are deactivated!

Hover over the information icon next to the object name for details about the validity period's attribute. To activate a retention policy for a module, switch the Active control on for the relevant module. Here, you can specify the Blocked After period (in days). This defines how long objects will remain available after their last change or the end of their validity period.

Beside the Blocked After, you can also specify the Deleted After period (in days). This is the time after which objects and their dependent data will be permanently erased from the system. Ensure the Deleted After period exceeds the Blocked After period.

Deactivating a policy halts the automatic deletion of objects. Blocked objects can be unblocked by selecting the Show blocked data option on an object and unblocking selected items from the list.

By setting and maintaining appropriate retention policies, you can protect sensitive personal data, comply with regulatory requirements, and ensure that data is retained only as long as necessary for operational or legal purposes.

Access log tracking is a crucial component of data security and compliance, especially for platforms like SAP Sports One. It provides transparency and accountability by recording who accessed which modules and tables, as well as their actions. This not only helps in identifying unauthorized access but also supports compliance with data protection regulations.

As a Data Security Officer, it is essential to ensure tracking of user activities. Here's how you can activate and manage access logs in SAP Sports One effectively.

With the role of Data Security Officer, navigate to Data Security > Access Log in SAP Sports One. In this overview, you can view a list of modules and relevant tables where access logging is applicable. By default, data access logging for all modules is deactivated.

To enable a data access log, activate the Edit Access Log option and select a table of the relevant module to be logged. You can choose which data access should be logged: Read, Write or Read/Write.

To view the data access log, select the relevant table and navigate to View Access Log Details, where you can do the following:

• Apply a filter to narrow down the list of entries.
• View the list, which provides all the details of data access for the selected table.
• At the bottom of the list, view the total number of log entries.

Defining and managing terms of use documents is critical for establishing clear user agreements and ensuring compliance with legal and organizational policies. These documents outline the rules and conditions users must accept to access and use applications within the SAP Sports One ecosystem.

As a Data Security Officer, you are responsible for preparing and maintaining these documents for the SAP Sports One portal and mobile applications such as SAP Team One and SAP Scout One. For the portal, the terms of use must be prepared as a PDF, while for the mobile apps, the document should be in text file format.

When users log in, they are presented with the terms of use, which they must accept to proceed. These documents can be tailored to specific user roles, and it is possible to generate reports to verify which users have accepted the terms. To access and manage the Terms of Use, navigate to the Data Security section in SAP Sports One. A comprehensive list of all documents, including their validity periods, associated roles, and consent statuses, is available for review.

Existing documents can be viewed by selecting the document icon, which downloads the file locally. To make changes, select the Edit Terms of Use option. If new documents need to be added, choose the appropriate tab for the portal or mobile application, upload the prepared file, and activate it by toggling the Active button. Additional details such as the title, validity period, and relevant roles or applications can be specified. The labels for the Accept and Reject buttons can also be customized if required.

Once saved, new or updated terms of use documents will automatically appear when users next log in. The system records each acceptance, ensuring that only users who have agreed to the terms can access the platform. By effectively managing terms of use, you create a secure and transparent environment that complies with legal requirements and promotes responsible use of the SAP Sports One applications.

Personal data reports are vital for maintaining transparency and complying with data privacy regulations. They enable individuals to access and understand the personal information stored about them, in line with national data protection laws and the principles of informational self-determination.

As a Data Security Officer, you can generate comprehensive personal data reports that collect relevant confidential information, organize it into meaningful sections, and provide it as a downloadable file. These reports ensure compliance with legal requirements while fostering trust in data management practices. This process can be initiated as follows.

The Data Security Officer can navigate to Data Security > Personal Data and search for any individual within the system. Alternatively, users with relevant permissions can generate the report from the Reports section on the details page of a player, club contact, or staff member by selecting the Personal Data Report option.

After accessing the relevant tool, you can customize the report by specifying a name for the download file and selecting up to three content sections to include. Once the content is selected, the report can be saved as a PDF file, which will be automatically stored in the default local download folder on your device.