Secure your sensitive personal data with PDP (Personal Data Protector) offered exclusively by SAP® in order to ensure your compliance with GDPR / KVKK and to manage related processes throughout your organization.

With its experience in 20+ successful projects, Nagarro + MBIS is always at your service for SAP® PDP implementations.

Manage the personal data in SAP® or non-SAP® systems or physical environments, take the necessary technical and administrative measures and run all related processes in a holistic way within weeks with Nagarro + MBIS and secure your organization.

More information

What is SAP® PDP?

SAP® PDP (Personal Data Protector) is a specially designed and developed SAP® solution which greatly helps organizations to take measures required by GDPR through managing personal data protection and orchestrating related processes for SAP® , non-SAP® systems and physical environments, centrally and with a holistic approach.

  • SAP PDP pdp icon
    • SAP® systems

      SAP PDP pdp kişisel 1 Personal Data
      ECC | S/4HANA
      HR, CRM, SRM
      SAP PDP pdp kvkk GDPR / KVKK Processes
    • Non-SAP® systems

      SAP PDP pdp kişisel 1 Personal data
      Business applications, Call Centers, Analytical Systems, Document Management Systems, etc.
      SAP PDP pdp kvkk GDPR / KVKK Processes
    • Physical environments

      SAP PDP pdp kişisel 1 Personal data
      HR rooms, Archives, Infirmaries, etc.
      SAP PDP pdp kvkk GDPR / KVKK Processes

What kind of a system do organizations
need to ensure GDPR / KVKK compliance?

SAP PDP pdp veri

Data management

  • Personal Data discovery in SAP® databases
  • Defining Personal Data Processing Purposes and their relations to data
  • Determining systems, locations and environments of Processors
  • Defining roles and responsibilities for systems and locations
  • Categorization of personal data
  • Recording ‘tag’s of personal data being processed in non-SAP® systems and physical locations
  • Creating and managing Personal Data Processing Inventory
SAP PDP pdp süreç

Process management

  • Disclosure Obligation management
  • Collection and management of Explicit Consent
  • Managing the Personal Data breach process
  • Management of the interaction processes of the organization with individuals and official institutions whose data are processed
  • Monitoring and reporting of the outputs and situations of each process
SAP PDP pdp erişim

Data access management

  • Configuration of data masking functions
  • Automatic data masking when Explicit Consents are missing in SAP®
  • Creating automatic anonymization tasks for non-SAP® systems when Explicit Consents are missing.
  • Managing Personal Data Access Rights
  • Logging and reporting User Access to Personal Data
SAP PDP pdp anonimleştirme

Anonymization and destruction

  • Processing anonymization reuqests per individual’s’ ‘Forget me’ right
  • Data blockage and erasure within given periods by applying related rules
  • Integration with non-SAP® systems
  • Generating automatic data destruction tasks for physical environments
  • Automatic masking for marked Personal Data
SAP PDP pdp görev

Task management

  • Creating manual or automatic tasks related to GDPR for SAP® , non-SAP® systems and physical environments that keep personal data (e.g. Data masking, data disposal, tasks regarding information requests etc.)
SAP PDP pdp yönetim

Management and orchestration

  • Managing external systems with comprehensive and effective integration functions
  • Process traceability
  • Support in audits with reporting and monitoring functions

Basic functionality of SAP® PDP

GDPR / KVKK is very detailed and precise in certain areas. With Nagarro + MBIS, use SAP® PDP and take control and manage personal data risks in the rapidly developing digital world with a holistic perspective.

SAP PDP pdp aydınlatma

Obligation to inform

PDP allows organizations to create clarification texts either by modifying existing regulation compliant templates or by designing from-scratch. PDP performs versioning and sends clarification texts via e-Mail to data subjects. PDP provides status tracking, managing and reporting tools for clarification texts.

SAP PDP pdp açık

Explicit Consent collection and management

SAP® PDP automatically collects explicit consents via e-mail for the related processing purposes, allows manual explicit consent record entries, and tracks and reports them. PDP also allows explicit consents collected through non-SAP® systems to be consolidated using various methods, including Web Service integration.

SAP PDP pdp maskeleme

Anonymization and masking

PDP ensures that the anonymization and periodic destruction tasks are configured in the system, the approval process is defined, the masking function is activated for the approved data. The completed tasks are automatically closed, being tracked and reported according to their status. Additionally, PDP creates data anonymization or destruction or tasks for non-SAP® systems and physical environments.

SAP PDP pdp sap

Automated personal data discovery in SAP®

SAP® PDP searches and detects personal data fields in SAP® databases at ‘data element’ level by using its ‘pre-defined data discovery catalogue’. PDP is also capable of finding personal data fields used in customized SAP® transactions if standard data element types are used. Following SAP® data discovery, raw personal data inventory is created by adding non-SAP® fields and data kept in physical environments.

SAP PDP pdp kişisel 2

Personal data and access minimization

PDP helps organizations by providing reports for keeping the data volumes as small as possible and for having more managable set of data. It supports disabling or completely deleting duplicated personal data and using a single source of data to ease mitigation of data related risks. PDP also helps restricting user athorizations to make sure only necessary users will see or edit personal data with optimum level of authorization.

SAP PDP pdp yönetimi

Task management

PDP enables creating and managing one-off or repetitive (periodic) tasks for SAP® , non-SAP® systems or physical environments. PDP distributes these tasks through Web Services and sends e-mail notifications and reminders to accountable staff, tracks task status’ and provides detailed reports.

SAP PDP pdp kişisel 2

Personal data breach management

In the case of personal data breach, PDP allows the violation to be recorded, the necessary research studies to be carried out in the affected systems, to collect fact-finding results, to create and send the reports to official institutions by versioning and to provide the necessary information to the individuals affected by the breach.

SAP PDP pdp raporlama

Reporting and monitoring

PDP provides extensive reporting functions regarding the monitoring of the status of GDPR / KVKK processes, the integrity of the personal data inventory, the information that needs to be provided in line with the information requests, and enables the obligatory reports requested by the regulations.

SAP PDP pdp orkestrasyon

Management and orchestration

With its abilities of task management, reporting functions, process status tracking capabilities, and most importantly, the ready master data, process definitions and advanced integration layer it has, PDP enables enterprises to manage not only the processes related to personal data in SAP® , but also non-SAP® systems and environments from a single point.

SAP PDP pdp bilgi

Information request management

PDP allows that information requests from data subjects (individuals) or governement agencies are recorded in the system, related tasks are automatcally created, assigned and approved, reminders for incomplete information tasks are sent, summary and detail personal data information reports are created and shared with requestors.

SAP PDP pdp işleme

Personal data processing inventory

PDP enables creating the Personal Data Processing Inventory by assigning raw personal data to the data groups and managing it as a versionable live document. It controls the consistency of data types and data processing purposes and the integrity of data category assignments. It automatically sends notifications in the case new personal data fields are added to SAP® systems.

SAP PDP pdp loglama

Personal data access logging

PDP logs the access to the personal data defined in the SAP® systems in detail and makes detailed reports based on the person whose personal data is accessed if required. Personal Data access logs kept in non-SAP® systems can also be consolidated and included in reporting in PDP by various methods (FTP, Web Services or real-time access)

Some of the technical features of SAP® PDP

SAP® PDP offers many advantages that will enable an institution to fulfill its GDPR / KVKK obligations, both in functional and technical terms.

Flexibility and scalability

PDP offers highly customizable technical architecture that can be used according to the special needs of our customers.

User authorization

SAP® PDP enables ‘purpose and data type based’ user authorization.

'New field' warning

PDP warns you in the case new personal data fields are added to your SAP® systems, allowing you to take necessary actions.

SAP® field masking

PDP allows you to display personal data automatically masked with the SAP® UI Masking according to the specified rules.

Fiori screens

It is also possible to use PDP more efficiently with Fiori screens apart from standard SAP® GUI screens.

Language options

PDP supports English and Turkish by default , any other languages can be added easily.


PDP does versioning for clarification and explicit consent texts, personal data processing inventory and other necessary set of data/information.

Supported SAP® systems

In addition to ECC or S/4HANA, PDP can be deployed for all SAP® all systems that support ABAP, such as HR, CRM, SRM.

BW support

PDP ensures that the personal data is transferred from SAP® to BW securely by deleting or masking them depending on the rules defined.

Non-SAP® system integrations

PDP comes with a very comprehensive and effective integration layer with a rich set of Web Services that enables connections with non-SAP® systems.

SAP® GRC integration

Special roles defined for personal data with SAP® PDP work integrated and compatible with SAP® GRC Access Control module.

DLP support

PDP can be used in compliance with Data Loss Prevention systems; e.g. personal data ‘tagging’ for exported MS Excel files.

What is the scope of PDP in
terms of GDPR / KVKK measures?

In order to be fully compliant with GDPR / KVKK, wide range of measures should be taken and you can see a summary of these
measures below. On the technical side, some of the measures are not needed specifically for GDPR. Although there may be some
amendments to be made for GDPR, they have to be in place in any organizations anyway, such as firewalls, anti-virüs systems etc.
For administrative measures, most of the activities like adding Personal Data Protection clauses on internal or external contracts,
require managerial decisions and can be carried out without any sophisticated system. SAP® PDP takes its role for the rest which
are particulary required for GDPR / KVKK for instance Explicit Consents, Personal Data Masking, Access Logging, Anonimyzation
from technical aspect and Obligation to Inform for example for Administrative part.

Technical Measures

  • Firewalls and network security
  • Current anti-virus/anti-spam systems
  • Disk encryption and key management
  • Penetration tests
  • Cyber attack defense systems
  • User account and authority management
  • Software application security
  • Data encryption
  • Data loss prevention systems (DLP)
  • Protection systems against system threats and violations
  • Explicit Consent collection and management
  • Recording access to personal data (Logging)
  • Displaying personal data by masking
  • Personal data deletion, anonymization and destruction

Administrative Measures

  • Institutional policies
  • In-house agreements (e.g. between data controller * data processors)
  • Confidentiality agreements with 3rd parties
  • Employment contracts with employees
  • Awareness-raising activities
  • Educational activities
  • Disciplinary regulation and procedures
  • Corporate Communication (e.g. reputation management)
  • Risk analysis and risk minimization
  • Planned and random inspections
  • Corporate Communication (Information requests from individuals or institutions and data breach crisis management)
  • Creation of Personal Data Processing Inventory
  • Activities related to the Obligation of Disclosure
  • Registration to Verbis


The red lines in the list are the KVKK/GDPR requirements that can be fulfilled within the scope of PDP implementation.

How long does it take to activate the PDP?

The implementation period of each project may vary depending on the scope, special demands, the management of the information systems
in the foreign country, the chosen integration methods, the total number of companies and similar parameters. The General Project Plan
below gives a general idea of the project steps. (The 2-week support period after going live is not included)

en pdp 1


It offers a real-time notification system that reports users accessing personal data.

SAP PDP pdp kvkk 2

Investing on a world-class solution which is continuously developing and adapting itself to future requirements as well regulation changes

SAP PDP pdp bir

Reduced Total Cost of Ownership (TCO) through investing on a single system rather than dealing with many systems


Taking and managing GDPR related measures from a central control platform instead of using fragmanted solutions

SAP PDP pdp beraber

Complete and true GDPR compliance with the use of PDP’s best practise read-to-use data and process designs matured throughout the previous implementations

SAP PDP pdp proje

Successful projects, strong references and solid success stories

SAP PDP pdp altyapı

Effective orchestration of non-SAP® systems and physical locations with PDP’s holistic approach to GDPR requirements.

SAP PDP pdp sap

SAP® ’s global support and commitment to PDP

Customer Testimonials

How do we support your business growth?

kadir sakarya
Kadir Sakarya
Sepaş, Information Technologies Manager
"By adapting SAP® 's best practices on GDPR / KVKK, we have ensured the protection of personal data in our ecosystem through a highly successful project. We worked with the expert teams of Nagarro + MBIS in this project, where we managed to fulfill a very important part of the legal requirements of personal data protection with SAP® PDP. We would like to thank Nagarro + MBIS for their devoted work."
Çimsa, CIO
We have completed the Personal Data Protection (KVK) part of our Digital Transformation journey, which we have executed based on our strategic partnership with SAP® , using the PDP (Personal Data Protector) solution. By adopting SAP® 's know-how and best practices in Personal Data Protection Law (KVKK), we have successfully managed to greatly meet legal compliance requirements by ensuring the protection of personal data in our ecosystem and the central management of related processes.

Please contact us for further information