US 12,579,304 B2
Purpose-based processing by purpose-action association
Benny Rolle, Reinhardshagen (DE); Stefan Hesse, Dresden (DE); Matthias Vogel, Saarbrücken (DE); and Carsten Pluder, Spiesen-Elversberg (DE)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Jul. 5, 2023, as Appl. No. 18/347,029.
Prior Publication US 2025/0013778 A1, Jan. 9, 2025
Int. Cl. G06F 21/62 (2013.01)
CPC G06F 21/6245 (2013.01) 17 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving, from a first data controller that corresponds to a first tenant of a software system, information defining a first purpose for processing, for the first data controller, in the software system, personal data of a first data category stored in a first object;
storing the information defining the first purpose in a data store, in association with the first data controller, wherein the information defining the first purpose maps the first purpose to the first data category;
providing, to the first data controller, data describing processing actions performed in the software system;
receiving, from the first data controller, a first mapping of a first processing action to the first purpose, wherein the first mapping indicates that data of the first data category of the first object can be processed in the software system for the first data controller by the first processing action for the first purpose;
storing information for the first mapping in the data store in association with the first data controller, wherein the data store includes data for a second data controller that corresponds to a second tenant of the software system, wherein the data for the second data controller includes information for a second purpose for the second data controller and a second mapping that maps the second purpose to the first processing action and the first data category, wherein the second purpose is a different purpose than the first purpose;
receiving, at the software system and from a first user of the first data controller, first input data for the first processing action;
determining that the first input data can be used during execution in the software system of the first processing action for the first purpose for the first user of the first data controller based on determining that 1) the first input data is of the first data category that has been mapped to the first purpose for the first data controller and 2) the first processing action has been mapped to the first purpose for the first data controller;
executing the first processing action in the software system, using the first input data, as purpose-based processing of the first input data for the first user of the first data controller, in response to determining that the first input data can be used during execution in the software system of the first processing action for the first purpose for the first user of the first data controller;
receiving, at the software system and from a second user of the second data controller, second input data for the first processing action;
determining that the second input data cannot be used during execution in the software system of the first processing action for the second purpose for the second user of the second data controller based on determining that the second input data is of a second data category that is different from the first data category and which has not been mapped to the second purpose; and
preventing processing of the second input data in the software system by the first processing action for the second user of the second data controller, in response to determining that the second input data cannot be used during execution of the first processing action for the second purpose for the second user of the second data controller.