Enabling Data Privacy


After completing this lesson, you will be able to:

  • Configure data privacy statements
  • Configure data retention management functionality

Enablement of Data Privacy Consent Statements

The functionality is enabled by following these steps:

  1. Enable in Provisioning.
  2. Grant permission to manage Data Privacy Consent Statements in Admin.
  3. Create and maintain Data Privacy Consent Statements.
There are two versions of the Data Privacy Consent Statements functionality in SAP SuccessFactors Recruiting Management. The 1.0 version was deprecated years ago and if a customer is still using it, there are a few extra steps that need to be completed before migrating over to the 2.0 version. Please see the relevant section in the Setting Up and Maintaining SAP SuccessFactors Recruiting guide for details.

Enablement of Data Privacy Consent Statements in Provisioning

To enable the functionality in Provisioning, complete the following steps:

  1. Navigate to ProvisioningCompany Settings and enable Data Privacy Consent Statement 2.0.
  2. Navigate to ProvisioningManage RecruitingEdit Candidate Privacy OptionsData Privacy Settings and then enable, at minimum, the following options for Data Privacy Consent Statement 2:
    1. Enable external data privacy agreement set up, and require acceptance on external candidate registration.
    2. Enable internal data privacy agreement set up.

Once you enable Data Privacy Consent Statement 2.0, there are a few predefined statuses that are automatically added to your Applicant Status Set:

  • Declined DPCS
  • Deleted On Demand By Admin
  • Deleted On Demand By Candidate
  • Withdrawn By Candidate

The Data Privacy Consent Statement 2.0 functionality is designed to be configured pre go-live. It is highly recommended to configure the default statement in Admin immediately after the Provisioning settings have been enabled. This will prevent candidates from getting an error at login.

Granting of Permissions to Manage Data Privacy Consent Statements

Admin users need to have relevant permissions assigned in order to configure and use the Data Privacy Consent Statement.

To grant permissions, proceed as follows:

  1. Navigate to AdminManage Permission RoleSelect RolePermissionsAdministrator Permissions.
  2. Enable the following permissions:
    1. Manage System PropertiesData Privacy Consent Statement Settings - Data Privacy Consent Statement Settings
      • A user with this permission is able to access the Data Privacy Consent Statement functionality in Admin Center
    2. Manage Recruiting
      • Manage external data privacy consent statements – user can manage Data Privacy Consent Statements for external users
      • Manage internal data privacy consent statements – user can manage Data Privacy Consent Statements for internal users
      • Country/Region Specific Consent Settings – user can set up country/region specific options for candidates
      • DPCS Accept on behalf of candidates – allow Admin users to accept the Data Privacy Consent Statements on behalf of the candidate

Please note that you can check the boxes for both Manage external data privacy consent statements and Manage internal data privacy consent statements in RBP, even if the internal option is not enabled in Provisioning. However, when you create a statement, the "Recruiting Internal" option will not appear if the internal option has not been enabled in Provisioning.

Creation and Maintenance of Data Privacy Consent Statements

Remember that this step should be completed as soon as possible after the Provisioning settings have been enabled. If there is not a statement to present, candidates will get an error and will not be able to proceed.

To create a new statement, follow these steps:

  1. Navigate to AdminCompany SettingsData Privacy Statement..
  2. Select Create New Statement.
  3. Enter Name – this will be the name of the Data Privacy Consent Statement. It cannot be changed once it is created.
  4. Select Type – it contains the following options:
    1. Login - Displays when a user first logs in to SAP SuccessFactors and must accept the statement in order to use SAP SuccessFactors. This statement is a platform privacy statement, and not specific to Recruiting.
    2. Recruiting Internal - Displays before an internal candidate completes a candidate profile or applies for a job. If you enable the permission to Manage internal data privacy consent statements in RBP, but the Internal Privacy option is not enabled in Provisioning, this option will not appear.
    3. Recruiting External - Displays before an external candidate can create a candidate profile. The candidate must accept the statement to proceed.
  5. Enter Redirect URL for Decline - This field allows a URL to be configured where candidates will be redirected to when they decline the Data Privacy Consent Statement. If no URL is added here, candidates who decline the statement will be redirected back to the home page. Typically, a URL that takes candidates to company corporate privacy policy page or a hosted page is configured here. This is to inform candidates they must accept the Data Privacy Consent Statement in order to proceed with the application process.

  6. Select Assigned Countries/Regions - When a candidate's country/region of residence matches the country configured for the statement, that specific statement displays. You can only configure one statement per country for each type of statement (Login, Recruiting internal, and Recruiting external).
  7. Set this as system default statement - This checkbox is used to create your default statement that is presented if the candidate's country of residence does not have its own statement.

Once the above steps have been completed, you will need to input the actual statement message and any applicable translations.

To input the actual statement message and any applicable translations, follow these steps:

  1. Select Statement Message.
  2. Enter a Title – this will be shown to candidates.
  3. Insert Statement Message.
  4. Click Print Preview – allows to display a preview of the statement.
  5. Select Add Language – if you wish to have a statement in a different language, enter the text here. It’s important to know that languages appear here if they are active in "Manage Languages" since Data Privacy Consent Statement 2.0 is a platform functionality. However, languages are only selectable for candidates if the language has been enabled in Recruiting Management via "Manage Recruiting Languages" and in Recruiting Marketing via "Site Locales".
  6. Select Save as Draft – this allows you to save a draft version, that can be updated later.
  7. Select Save & Publish – this will push out to career sites immediately. Each time a statement is published, it creates a new version of the statement, which must be accepted by existing candidates when they log in to their profile.

After the default statement has been published, you can configure any additional country specific statements you may need.

Remember that the Recruiting Management statement is based on the candidate’s country/region of residence.

DPCS Activation/Edits/Deletion

The following features are available for Data Privacy Consent Statements:

  • DPCS Activation: To activate or re-activate a Data Privacy Consent Statement, select the checkbox in the Active column. This will enable the statement, whereas clearing the Active checkbox will de-activate the statement.
  • DPCS Edits: To edit a Data Privacy Consent Statement, click the Data Privacy Consent Statement name in Admin CenterData Privacy Statement. When editing a Data Privacy Consent Statement, you are not allowed to change the name or the type of the Data Privacy Consent Statement. You are allowed to change the Redirect URL, message content, and country assignments.
  • DPCS Deletion: To delete the Data Privacy Consent Statement, click the trash icon.

Country-specific Consent Options

Occasionally, candidates are added to Recruiting Management without creating their own accounts and without seeing the configured statement. This issue happens when an employee refers, or an agency submits, a new candidate as well as when the add candidate functionality is used.

Users can set country-specific options on whether this type of candidate (internal or external) who hasn’t seen or accepted the current statement can progress through the pipeline. These settings also apply to any candidate who has accepted a statement, but not the most recent update.

The following permission is needed to be able to work with country-specific consent settings: Admin CenterManage Permission Role → [Select Role] → PermissionsAdministrator PermissionsManage RecruitingCountry Specific Consent Settings.

To manage candidate access: Select AdminManage RecruitingCountry Specific Consent Settings and then complete the information for the selected countries.

If you select Don’t Allow, the user will not be able to update the candidate status until the new or updated Data Privacy Consent Statement has been accepted, either by or on behalf of the candidate.

If you select Allow After Confirmation, when a user is updating the candidate status, a warning message will pop up that says, "Allow candidate(s) who have not yet accepted latest DPCS statement". The warning message will be shown for both newly added candidates and those who haven’t accepted the most recent version of the Data Privacy Consent Statement. If the user checks this box, they will be able to proceed in updating the candidate status.

To gain access to different versions of statements, follow this process:

  1. For versioning proceed as follows:
    • Click the View History link.
    • In the Version column, click a version number to see a read-only view of that version.
  2. To perform auditing, click View HistoryView Log.
    • You can either search for a specific user or view all users that have either accepted or declined.
    • You can also download a report to view all that have accepted.

If the number of returned records exceeds a set threshold (10000), the system sends the report request to the server and the administrator receives a link to download the report.

Candidate Search Based on Data Privacy Consent Statements

The candidate search based on the Data Privacy Consent Statement is an admin opt-in feature for DPCS 2.0 customers. This functionality allows the candidate to be searchable only if they have accepted the Data Privacy Consent Statement. This feature can be leveraged by DPCS 2.0 to ensure that the candidates who have not accepted at least one version of the data privacy statement are not returned in the candidate search results.

This functionality has to be enabled in ProvisioningManage RecruitingEdit Candidate Privacy OptionsData Privacy SettingsEnable both internal and external options.

In Admin, to display only those candidates in the candidate search results who have accepted the Data Privacy Consent Statement at least once, navigate to Admin CenterManage Recruiting SettingsGeneral Data Privacy SettingsAllow Recruiting users to access candidate information if they have accepted one of the versions of the Data Privacy Consent Statement.

Enabling this option also ensures that the candidates who didn’t accept at least one version of the Data Privacy Consent Statement are unsearchable. If the option is disabled, all candidates are searchable regardless of the Data Privacy Consent Statement acceptance.

This setting only appears in Manage Recruiting Settings if all prerequisites are enabled.

Applications that are created by the candidate before enabling the Allow Recruiting users to access candidate information if they have accepted one of the versions of the Data Privacy Consent Statement setting are still available in Recruiting Management pages.

The search areas that display candidate information based on the Data Privacy Consent Statement option are as follows:

  • Advanced search
  • Quick search
  • Candidate tags
  • Background elements
  • Talent pools page – which is part of Candidate Relationship Management
  • Email campaign page – which is also part of Candidate Relationship Management
  • Manage Duplicate Candidates page - candidates who have not accepted at least one version of Data Privacy Consent Statement are not searchable in the autocomplete search box

Data Retention Management (DRM) Overview

Data should not be stored any longer than is required. In some cases, local/regional legislation may require purging of user data from your system after a certain length of time for data protection and privacy. In other cases, user may choose to purge user data simply because it no longer serves a business purpose.

Data retention time management (DRTM) is data purge solution that offers more complete coverage across the HCM Suite and the ability to configure different retention times for different types of data and different countries.

The Data Retention Management feature set allows users to configure the purge of candidate data from the system on a recurring schedule and based on configurable country specific retention times via the Data Retention Time Management feature set.

Purging data in the SAP SuccessFactors HCM Suite is irreversible, and as such is built to be a multi-step process requiring a request and an approval. This ensures oversight before records are permanently and irretrievably removed from the system.

The DRTM Master Data Purge type is included in the table below, as it is applicable for Recruiting when it comes to purging recruiting users and internal candidate profiles and applications. This master data purge permanently and irreversibly removes inactive users from your instance, along with their associated data from across the HXM Suite, including audit data.

The configured retention time for DRTM master data overrides the retention time that is configured for any other DRTM purge objects. However, this purge will not remove any Recruiting Management user, defined as "Any Job Requisition Approver, Interviewer, or Offer Approver" who is active in your Recruiting process. Their pending action will need to be dispositioned or transferred to another user before they can be purged. This is also referred to as "User Veto" and no configuration is needed for this.

Purge Request Types

The following table shows the purge request types that are applicable in Recruiting, along with the user/candidate type that is included for each purge and a brief description of each purge type.

Purge Request TypeApplicable toFunctionality

DRTM Master Data Purge

Internal Users (HXM Suite)

  • Fully purges inactive internal users (including their internal candidate profile and applications in Recruiting), and the associated data, including audit data, based on a single, common retention time
  • Overrides retention time configured for any other DRTM purge objects

DRTM Inactive Candidate PurgeExternal Candidates (Recruiting)
  • Candidates are anonymized in Recruiting based on the period of inactivity (logged in date) and candidate's country/region of residency that the candidate selects while creating an account.
DRTM Inactive Application PurgeInternal & External Candidate Applications (Recruiting)
  • Job applications are anonymized in Recruiting based on their status, the country/region of the job requisition, and the option selected in Admin Center → Manage Recruiting Settings → application last modified date, application dispositioned date, or job requisition closure date)
DRTM Recruiting Read Access Log PurgeExternal Candidates (Recruiting)
  • Purges read access log data for both active or inactive external candidates
DRTM Audit Data PurgeInternal Users (HXM Suite)
  • Purges read access log data for both active or inactive internal users (including their internal candidate profile in Recruiting), based on specific retention times for each type of audit data

DRTM Inactive Candidate Purge

Inactive candidates can be anonymized by creating a purge request in Data Retention Management. Inactive candidates are candidates who haven’t logged in to their accounts for the number of days configured as the inactivity period.

If you don’t want to lose candidate data through the purge action, contact the candidates through email to ask them to activate their accounts by logging in to the system. It's possible to configure the number of days before the purge date, when email alerts are triggered to notify inactive candidates to take action before their profiles are anonymized.

Email notifications are not triggered for candidates who haven't accepted the Data Privacy Consent Statement (DPCS) for the configured retention time.

If the DRM 2.0 Candidate Purge: Do not purge Candidate Profile if there are existing applications in the system for that candidate" setting, shown in the figure, DRM 2.0 Settings, is enabled.

  • When this setting is disabled, the candidate profile is purged regardless of the status of the applications that exist for the candidate.
  • When this setting is enabled, the candidate profile is purged based on the status of the application that exists for the candidates in the table below.

The candidate profile won’t be purged for any in-progress applications. Candidates in a draft, closed, withdrawn, or disqualified status will be purged. For the "Requisition Closed" and "Hired on Other Requisition" statuses in particular, this will purge or not purge the candidate profile, based on the "Consider job applications with the status "Requisition Closed" for purging" and "Consider job applications with the status "Hired On Other Requisition" for purging" settings that you can see in the figure, DRM 2.0 settings. This is a newer functionality and previously candidates in these statuses were not purged. If you want to purge inactive candidates in these two statuses, ensure you have these options enabled.

Internal and external candidate application data purges are set up per application and based on their status as defined in the table below.


For the top three withdrawn statuses (which refer to the items for manually deleting candidates), these candidates will be purged with the next run of the Recruiting Management Entity Anonymization job, which is a job that is created in Provisioning. If you schedule this job to run daily, it’s important to know the candidates are not anonymized in real time, but rather daily, at the time specified in the scheduled job.

For the "in-progress" statuses and "forwarded" statuses, applications get purged when the candidate profile gets purged. For "in-progress" statuses, candidate profiles are not purged, as indicated in the candidate profile purge table above, so these applications will not be purged.

For the remaining statuses of "Withdrawn by Candidate", "Auto Disqualified", "Onboarding Statuses", and "Disqualification Statuses", applications are purged by the DRTM Inactive Application Purge, as per the retention period. This job is configured by an admin user in Admin Center.

Anonymization of a Candidate's Application & Profile

For data protection and privacy, it's possible to anonymize candidate profiles and their disqualified job applications data together using the Anonymize Candidate Profiles feature in Admin Center.

The system removes personally identifiable information from their candidate profiles and the personally identifiable information from disqualified application are anonymized after legal minimum period is reached when:

  • Applicants request candidate profiles for deletion.
  • Applicants revoke their acceptance of the data privacy consent statement (DPCS) after applying to a job requisition.
  • The candidate deletes the profile.
  • Retaining such unsuccessful or disqualified applications for a certain period of time before being anonymized helps to record that the applications were rejected fairly and not due to a bias.

If, however, you need override this retention period and anonymize candidate profiles with their disqualified applications immediately, Anonymize Candidate Profiles allows you to do both. If a candidate profile is already anonymized, the tool lets you find the applicant's disqualified applications so that you can also anonymize them.

These disqualified applications become anonymized when the scheduled RCM Entity Anonymization Job runs.RCM Entity Anonymization Job runs.

Anonymize Disqualified Applications for Anonymized Candidates

This option anonymizes the disqualified applications for applicants whose candidate profiles have already been anonymized. Using the search feature, you can find applicants by their candidate ID.

The search doesn't return applicants who are yet to be anonymized. If your search returns no results, try searching for them in the Anonymize Candidate Profiles and Applications option instead, or run an anonymization job to anonymize candidates in case the candidate has already been marked for anonymization.

Data Retention Time Management Configuration and Usage

To configure Data Retention Time Management, proceed as follows:

  1. Configure the anonymize attribute in the XML.
    • When data retention is triggered, any data flagged for anonymization will be anonymized from the records. Fields subject to anonymization must have the field-level attribute anonymize="true" defined in the Candidate Profile XML, Application XML, and Offer Detail XML. Not all fields support anonymization during the data purge. In the Offer Detail template, you can only set job application fields as anonymize="true". For a list of fields that supports anonymization, please see the Recruiting guide.
  2. Schedule the Anonymization Job in Provisioning.
    1. Navigate to ProvisioningManaging Job SchedulerManage Scheduled Jobs.
    2. Click Create New Job.
    3. Select the Job Type RCM Entity Anonymization Job.
    4. Enter the job name, owner, and the schedule details for the job.
    5. Click Submit Job.

    This job anonymizes the data, and so must be configured. It is best practice to configure the job to run daily.

  3. Enable DRM 2.0 in Admin Center.
    1. Navigate to AdminCompany and Logo Settings and enable Data Retention Management Minimum # of approvers. Optionally you can enter any minimum number of approvers as required.
  4. Grant user permission.
    1. Navigate to AdminManage Permission RoleAdministrator PermissionMetadata FrameworkManage Data. This gives the user the ability to access the manage data screens which is used to manage MDF objects in general, not just for data retention time management.
    2. Navigate to AdminManage Permission RoleUser PermissionData Retention Management and select DRTM Candidate Profile and all fields except the Field level override field. Do the same for the DRTM Job Application. The combination of these two permission sets grants user the ability to set up countries to use data retention time management and then configure data retention times for different countries for the recruiting objects.
    3. Assign DRM 2.0 permissions to use the functionality.
      1. Create the DRTM Data Purge Request, which gives the user the ability to create and submit a DRTM purge request.
        • Access to Data Retention Management
        • Ability to create a new request, cancel scheduled request, and delete
      2. Approve DRTM Data Purge Request, which gives the user the ability to approve a DRTM purge request
        • Access to Purge Request Monitor
        • Ability to approve/decline request
  5. Upgrade to DRTM Recruiting Object. A user might already have this permission assigned, or the Instance might already have been upgraded.
    1. Navigate to Admin CenterUpgrade CenterOptional UpgradesDRTM Recruiting.
      Permission to access Upgrade Center is granted in: Manage Permission RolesPermissionsAdministrator PermissionsAdmin Center PermissionManage Upgrade Center.

    If you do not see the feature on the list, the feature is already available in the instance.

  6. Flag countries for use in DRTM.
    • Set the Data Retention Enabled field to Yes on each country that you will want to add as an element in the purge object. This configuration adds this country as an element in the purge object and job only.

Manually Add

To manually add, proceed as follows:

  1. Navigate to Admin CenterManage DataCountry[select country]Take ActionMake Correction.
  2. Start by searching country and selecting the individual country element to configure.
  3. Select Take ActionMake Correction, which opens up the element for edits.
  4. Set the data retention enabled flag to yes and save.
  5. Repeat this process and enable the data retention flag for every country you recruit in and theoretically, every country a candidate applying to your positions may select for their country of residence.


To import, proceed as follows:

  1. Navigate to Admin CenterImport and Export DataExportSelect Generic Object—CountryExport.
  2. Navigate to AdminMonitor JobMDFZIPExport_Country_mm/dd/yyyyDownload StatusSave File.
    1. Unzip and locate the Country.CSV file.
    2. Make a backup copy immediately.
    3. Open Excel 2016 (not the file, just a blank workbook).
    4. Select the Data TabGet DataFrom FileFrom Text/CSV and then locate the Country.CSV file.
      • File Origin: Unicode (UTF-8)
      • Delimiter (Comma)
      • Load
      • This will give you a table with a generic header in xlxs format.vi.
      • Select FileSave As.
      • Name the file, select CSV UTF-8, and then select Save.
    5. This will give you a .CSV file that Microsoft Excel will read in UTF-8.
    6. Open the recently saved CSV file and delete the first row (the header that says Column1, Column2, and so on).
    7. Scroll to the left and find the final column, isDRMEnabled.
    8. Populate the isDRMEnabled column with TRUE for which you want to set the DRM Enabled flag and then save.
    9. Save.
  3. Set up the Country Specific Retention Period.
    1. Configure the aging period for Candidate Profile: Admin CenterManage DataDRTM Candidate ProfileCandidateTake ActionMake Correction.
      • Since this is the candidate profile and it is possible that a candidate may have one without ever logging in to see the Consent Statement due to being manually added via referral, agency, or manual add, there is the option to configure the period of non-acceptance of Data Privacy Consent Statement here. This means the profile will be picked up for anonymization if the Data Privacy Consent Statement has not been accepted in this time frame.
      • In addition, the country can be set, the inactivity time unit, and the period of days that the profile should be retained.
    2. Configure the aging period for job application:Admin CenterManage DataDRTM Job ApplicationApplicationTake ActionMake Correction.
  4. Set up the Application Purge DRM Setting.
    1. Navigate to Admin CenterManage Recruiting SettingsDRM 2.0 settings.
      • The candidate profile aging period starts on the candidate’s last log in date, but for the application aging start, you have a few different options, which are available in DRM 2.0 settings in Manage Recruiting Settings.
        • Application’s last modified date
        • The application’s disposition date
        • Requisition’s closure date
      • In addition to setting the date that the application aging begins on, we can also set a flag that prevents a candidate profile from being purged by the inactive candidate job if the candidate still has active applications in the system. It is suggested to set this flag so that active applications veto the profile purge.

Data Retention Functionality Usage

To use the Data Retention functionality, proceed as follows:

  1. Create the request.
    1. Navigate to Admin CenterData Retention ManagementCreate New Purge Request. Select the purge request type, name it, select the countries this purge schedule should cover, and add approvers.
    2. You then have the option to launch immediately without reoccurrence or schedule with the different options. Either option used will send notifications to the approver(s) and will need approval before they expire in 14 days.
  2. Approve the request.
    1. Navigate to Admin CenterPurge Request MonitorRequest Pending Approval.
      • Either type of approval (immediate or scheduled) will start on the Purge Request Monitor screen.

Immediate Start

If launched immediately, the approver will need to look on the Request Pending Approval tab. Here they can download a preview of what candidates will be marked for anonymization if approved. This Purge preview report can be used to confirm purge is set up properly and ran successfully.

For the Launch Immediately option, the preview report is generated immediately after it is submitted. You only need to approve once to start the purge process.

Scheduled Request Pending Preview Report

For scheduled purge requests, the approver will need to access the Scheduled Requests Pending preview report to view and approve the schedule. The user has the option of approving the request or the series. Either way, once the approval is given, a preview report is generated at the next scheduled run time and a notification sent. The user will then access the Purge Request Monitor screen, Request Pending Approval tab to review the preview report and approve again to start the purge process.

Fully approved purge requests are sent to the job scheduler. For scheduled requests, the purge job runs at the soonest available time after its next scheduled recurrence. For an immediate request, the purge job runs at the next available time, generally within a few minutes.

Check Purge Status

The actual purge job status can be checked at any time after it is approved by accessing the Approved Request tab. Here, the user can download the preview report, view the job details, and/or access view results for the completed report that can be used to confirm whether the purge job was successful or not for each type of data in the purge. Error messages in the final report can be used to troubleshoot data that failed to purge as expected.

Purge Freeze

A user with relevant permissions (Admin CenterManage Permission RoleData Retention ManagementDRTM Purge Freeze can put a legal hold on data for a specific candidate so that their data is not removed by a DRTM data purge. Possible use cases are pending litigation or other legal requirements that supersede the configured retention time.

To add a candidate to Purge Freeze, proceed as follows:

  1. Navigate to Admin CenterManage DataCreate NewDRTM Purge Freeze. This will open a new element and allow the user to add a candidate to the Purge Freeze list. The Purge Freeze list is only used by DRTM purge requests.
    • Purge Freeze Target Type: Candidate (if internal, then use Employment)
    • Candidate ID: Enter a numeric Candidate ID (if internal, user lookup)
    • Description: Add a display label, as the entry should appear on the Purge Freeze list and in purge reports.
    • Comment: Add additional information, such as the legal reason for the Purge Freeze.

Editing an existing entry in the Purge Freeze list includes the following:

  • If users need to edit or delete an existing entry on the Purge Freeze list they will search for the DRTM purge freeze object and find the specific entry in the second box. Then they can use Take Action and either correct or delete from the list.

  • Users can also import and export the list via import and export data using a similar method to the one used to import the updated country object.

Log in to track your progress & complete quizzes