Organizations implementing SAP ILM (Information Lifecycle Management) to ensure GDPR compliance and data minimization often encounter a technological barrier when transitioning to modern cloud and object storage (S3/Blob): Rigid retention periods (Retention Locks) prevent agile system consolidation. The question for SAP Basis teams and archive experts is: How can the legally compliant destruction of data be operationalized without sacrificing the flexibility of the storage infrastructure? A deep dive into the world of CMIS, WebDAV, and application-controlled locks.
Regulatory requirements for companies are continuously growing. GDPR mandates the strict deletion of personal data once its purpose has ceased (Right to be forgotten), while tax regulations (GoBD) require immutable retention for many years. The tool of choice in the SAP ecosystem is SAP ILM.
Traditionally, these locks (retentions) were passed directly via the WebDAV protocol to the underlying storage system (e.g., classic WORM storage). The storage system physically locks the file from access and deletion until day X.
The practical problem: Today, companies are massively migrating to the cloud or to on-premises object storage (S3 / Azure Blob Storage). If an unyielding "Object Lock" or "Retention Lock" is rigidly set at the storage level, the IT infrastructure is frozen for years. Early migration of data to a more cost-effective cloud tier, consolidation of storage landscapes, or switching cloud providers becomes impossible because the storage system strictly refuses to move or delete the affected blocks – even for internally necessary system relocations.
When the IT infrastructure is rigidly coupled to the application's logical deletion periods, three operational bottlenecks arise for DMS experts and SAP archivists:
Modern IT architectures shift intelligence away from the hardware component (storage) towards lean middleware. This is where the modern CMIS standard (Content Management Interoperability Services) comes into play in conjunction with SAP ILM.
Instead of physically locking files at the file system level, making them unreadable and unmovable, an intelligent archive middleware manages them, such as kgs tia® the lifecycle.
By 2026, audit-proof compliance and GDPR conformity should no longer be a reason to impose technological constraints at the infrastructure level. Those implementing or optimizing SAP ILM should decouple storage locks.
By using lean middleware that natively speaks CMIS and handles the logical management of retention periods, the IT infrastructure remains agile. The result: Full compliance with maximum freedom in the multi-cloud strategy and noticeably reduced Total Cost of Ownership (TCO).
Further information


More Info

