Discuss business intelligence, integration, compliance and a host of other SAP-related topics – implementation, best practices and resources to negotiate the world of SAP better!

« July 2019 | Main | February 2020 »

January 21, 2020

Stock Transport Order (STO) in India with application of GST and SAP solution

Inter branch/unit transfer of goods is common and indispensable for large manufacturing units spread across multiple geographical locations. This will help them to get closer to the customers and bridge the time gap between demand and supply. In SAP, transfer of goods between 2 branches or units is termed as STO (Stock transfer order).  The same can be interstate (outside state) and Intra state (within state). The former is taxable under GST Act, 2017 and treated in the same way as normal sale to customer. The tax credit benefit to sending and receiving branch is same as a normal sale to customer and One branch will pay GST and other branch will take Input Tax Credit (ITC). This blog gives a high-level solution on STO given by SAP and how we can implement the same for our clients.

STO process is always between 2 plants mapped to the same company code. Hence, billing/invoicing is not applicable in this process. However, in India, as per GST law, billing document is to be generated and a subsequent outbound (at issuing plant) and inbound (at receiving plant) invoice documents must be generated. In India, there are 2 types of GST namely Inter-State GST and Intra-State GST and the relevant taxes differ for transport of goods between plants within the same state and within plants in different states.


Standard STO setup in SAP and challenges with India STO process

Generally, STO process does not differ from country to country. The standard STO process does not involve any taxation and billing but for India, invoice document is to be generated as per India tax laws. Hence there is a requirement to distinguish the STO process for India from other countries.

Tax is not calculated in intra-state STO since plants in same state share the same GSTIN. IGST is computed in inter-state STO process.

India Intra-state STO

India Inter-state STO

In other countries


GST should be computed

No taxation

Billing document to be created

Billing document to be created

No billing document

No ODN reference in accounting document since   plants have same GSTIN

ODN to be generated in accounting document

Not applicable

Info Record (maintain tax code) mandatory reference in PO

Info Record (maintain tax code) mandatory reference in PO

Not applicable


How does SAP standard solution for STO process with GST integration work?

SAP has given complete solution with a set of notes to be implemented in SAP GST India: STO Solution notes.


How Infosys approached and addressed these challenges

The basic process flow mostly remains unchanged as can be deduced from figure 2. We must make creation of billing document (and subsequent accounting document) possible for STO process in India to compute GST. This can be achieved by assigning a delivery type and item category relevant for billing to the India plants in STO configuration.

As for ODN, separate billing document types for Intra-state and inter-state STO is maintained because ODN generation is made mandatory for Inter-state process only.

These changes help business comply with GST law, 2017 in India.

January 20, 2020

Input Service Distributor (ISD) under India GST law and SAP solution

The GST law, which was enacted under Central Goods and Services Tax Act, 2017 is not new concept in India. Although, it was enacted, more than 2 years back and most of the SAP clients are already using SAP GST solution there are certain areas, which are unexplored or not implemented completely due to complexity of the same or due to in-applicability of the same at the time of earlier implementation. One such complex area is ISD solution under GST.

An Input Service Distributor is a unit who receives GST (CGST/IGST/SGST) invoices for goods and services related to its branches. It is common for HO (Corporate Office) of large manufacturing organizations to receive services related to Audit and taxation, maintenance services (ERP) on behalf of its branches. In such cases, the Invoice along with tax is raised with HO. Since HO does not have any selling activity, the tax benefit remains unutilized if not passed to the respective branches. GST law gives the benefit to use the same by branches with certain conditions and rules laid down by GST law. I have tried to put the solution given by SAP for ISD and rules given by GST law. 

What does Government of India say about ISD?

Input Service Distributor (ISD) means an office of the supplier of goods or services or both, which receives tax invoices towards receipt of input services.

The concept of ISD under GST is a legacy carried over from the Service Tax Regime. The government of India has laid down certain conditions and rules in order to help the entities claim ISD tax on the services rendered to the HO or corporate office as mentioned in below picture.

Fig 1: ISD Applicability and Rules 


How does SAP standard solution for ISD under GST work?

SAP has given complete solution with a set of notes in SAP ISD notes for ECC and S/4 HANA.

The solution requires customization's as per the standard document given in the notes.  The ISD solution can be implemented in two steps after implementing the notes:

1)      ISD customization's table to be maintained

2)      ISD execution steps

The SAP standard solutions work for more than 90% of the clients and in case there is a need to implement any custom logic, SAP has given standard BADI's in the notes for meeting the requirement.


Fig 2 : ISD customization and Execution steps

January 3, 2020


What is GDPR ?

GDPR is an acronym for General Data Protection Regulation (EU) 2016/679 which was adopted / accepted on 14th April 2016 but came into existence on 25th May 2018. It is a new framework devised for protecting data and privacy laws. GDPR is designed to streamline & strengthen laws that protect personal information of individuals. The new regulation supersedes the Data Protection Directive 95/46/e which was enforced since 24th Oct 1998.

Where is GDRP applicable AND Which region / individuals does it apply to ?

It is important to note GDPR is a European Union (EU) Regulation. It is a legal framework with a set of guiding principles to collect and process personal data of individuals in EU. Organizations that collect, store, control, process personal data within an EU country need to be GDPR compliant as a mandate. In addition, organizations located outside EU must be particularly cautious and ensure they do not violate this regulation. In case such organizations collect and process personal data of EU residents, they too need to be GDPR compliant. The location of the organization does not safeguard it from facing the consequences of non-compliance. The regulation is applicable if an organization is based outside EU but personal data of EU residents is collected.

Organizations located within EU will have a major impact in all likelihood as compared to other countries as EU organizations are more likely to process data related EU individuals.

What kind of data / information does GRPR apply to ?

GDPR applies to personal data including special category of sensitive personal data.

Per Article 4 of GDRP: 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In simple words, it means any data that leads to identification of a natural living person. It does not apply to a non-living person.

It is to be noted that if any organization indulges in processing of data concerning personal data only then the General Data Protection Regulation is applicable. Personal data can be any information related to an identifiable person. The person should be identifiable directly or indirectly via above identifiers such as name, location etc., or can also be in combination of data like age, date of birth, height, weight, salary, company, bank account number, credit card number etc.

In addition to above, one should specifically consider a category called as special categories of personal data (or sensitive personal data) as they are particularly relevant. This type of personal data in particular is subject to a higher level of protection and should not be collected without explicit consent or exceptions. These furthermore include personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or philosophical beliefs, or trade union membership, as well as medical & health data, genetic, biometric data.

Penalties if Non-Compliant on GDPR :

As per the new regulation when a data breach is detected, the concerned organization is required to inform all affected people and respective supervisory authority within 72 hours of the data breach. For this the organization should ensure they have a robust detection & investigation process in place to capture any breaches on data front. In addition, the organization is also needed to keep a record of data breaches in the past for reference purpose.

Organizations will need to audit their data and verify that the methods of collecting, processing, and storage - as well as the nature of the data itself - are GDPR compliant. Organization who fail to comply with GDPR will have to pay a maximum fine of €20 million, or 4% of annual global turnover, whichever is higher. Compliance is, therefore, a very important aspect in any organizations that process personal data.

What is SAP ILM ?

Per SAP, ILM (Information Lifecycle Management) enhances the SAP standard delivery with the ability to manage the lifecycle of live and archived data based on rules. SAP ILM uses ILM-specific, enhanced data archiving functions.

Typical Features

    · Lifecycle Management of data with the following Retention Management functions:

   a) Defining ILM rules (for example, retention rules) for the purpose of mapping legal requirements and their application to live and archived data.

   b) Putting legal holds on data that is relevant for legal cases in order to prevent early destruction.

   c) Destroying data while taking legal requirements and legal holds into account.


    · Storage of archived data on an ILM-certified WebDAV server (to guarantee non-changeability of the data and to protect it from premature destruction)


ILM is available as a business function in SAP NetWeaver based systems like ECC (prerequisite is NW 7.0, EhP 1). It can be activated via switch framework depending on organizations contractual agreement with SAP as it could incur additional licensing cost.



The three main building blocks of SAP ILM are

1) Data Archiving              2) Retention Management          3) System Decommissioning

ILM 1.jpg


1) Data Archiving: Data archiving is the core of SAP ILM, this classical function has been available in SAP since a long time. Data that is not needed on regular basis and no longer be changed is archived in files.

2) Retention Management: With retention management you can define and control duration, periods for which data can be retained in the system as per legal, contractual policies. You need to identify the audit areas, policies and rules to retain data.


3) System Decommissioning:  With this option you can decommission legacy systems by moving legacy data to ILM Retention Warehouse or delete data no longer to be retained. Based on legal and contractual law expiration, the data can be deleted. Stored data can be retained from ILM retention warehouse for any future purpose like audits.

Personal Data lifecycle - Definitions :

ILM 2 update.jpg

Processing -  operation carried out on existing data within the system to extract & obtain further meaningful information

Blocking - prevent access to data post processing as data is no longer operated on. In this case data is blocked as it needs

to be retained due to legal or contractual or statutory compulsion.

Deletion - erase the data as it is no longer to be retained / restored in the system.


End of Business - marks the start of retention period

End of Purpose - a point in time at which data is no longer processed in the system

End of Retention - a point in time at which data is no longer needed to be retained in the system and marks the start of

deletion period.


Personal data which is no longer required by the organization should be blocked and retained for legal or contractual purpose. Further if there is no need to retain from legal or contractual obligations, the personal data must be deleted from the system.

How are SAP ILM and GDPR related ?

SAP ILM acts as a key enabler for GDPR as it can identify personal data to be retained in the system and data to be deleted. ILM is the key element to define data retention rules depending on GDPR.


With SAP ILM, the necessary functions like blocking and deletion addresses GDPR's requirement. It will ensure personal data is not stored or processed post the original purpose has ended.


Data Management with respect to GDPR has two main requirements: Data Retention & Right to be forgotten. Both are addressed via SAP ILM i.e. via standard SAP ILM function and SAP ILM blocking and deletion functionality. This means blocking of data by providing display access when data is to be retained in the system for legal & compliance matters (data should not be deleted), or delete the data when it has fulfilled all purposes.


Hence to conclude SAP ILM provides the solution to address requirements & obligations around data processing and safeguards individual rights for personal data.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter