How did Yıldırım Group
secure personal data with
the SAP PDP (Personal Data Protector)

About Yıldırım Group

The foundation of the YILDIRIM Group dates back to 1963, when Garip YILDIRIM established a modest construction material trading company called GARIP YILDIRIM & SONS in Samsun, Turkey. Since its founding, the company has continuously broadened its focus through new subsidiaries by entrepreneurism and constant innovation, evolving into an industrially diversified group of companies as well as one of the fastest growing Turkish industrial groups.

Since 2008, when YILDIRIM Group made its first international acquisition in Sweden, the company has grown to become a global force based in Istanbul, Turkey, with operations in 9 sectors in 51 countries on 4 continents. The YILDIRIM Group of Companies employs 13,000 people around the globe.

Project Identity:

Project type:

Project implementation method:
Remote (with digital connection and communication tools)

Project completion period:
5 months

Number of companies in the scope of the project:

Number of customers whose personal data is kept:
Approximately 62000

Project Goals:

  • Full compliance with GDPR and real risk management
  • Real-time reporting of users accessing personal data
  • Orchestration of systems and environments other than SAP within the scope of GDPR
  • Medium and long-term Total Cost of Ownership advantage with a single system instead of investing in many systems

How did we succeed together
with Yıldırım Group?

Yıldırım Group started the SAP PDP Project on 1st of June. First of all, personal data inventories prepared by the company were transferred directly to SAP. With the PDP solution, authorized users can view personal data according to their authority roles, while unauthorized users see all personal data as masked.

The PDP solution was put into use in 4 different systems associated with 5 company codes belonging to the company.

With the PDP solution, users will be able to follow clarification texts, explicit consents, anonymization, and destruction processes through SAP.

With this project, it has been ensured that the GDPR measures are taken and managed centrally, not in parts, but in a way that considers both personal data security and all related processes.

The project was successfully put into live use on November 13, 2021. Afterwards, live support was given for 2 weeks.

With the SAP PDP project, processes in both Yıldırım Group’s ERP and Fiori systems are followed in accordance with GDPR.


With our SAP PDP project, the following gains have been achieved for Yıldırım Group:

  • Data masking with SAP UI Masking Solution
  • Use of active masking in HR and Fiori systems together with ERP systems
  • Recording access to personal data on 4 different systems (log)
  • Clarification text and explicit consent management centrally in the ERP system
  • Reporting in accordance with GDPR processes
  • Creating SAP-compatible user roles for personal data