Hi Randolf,
Unless you are referring to policy internal to SAP, data breach notification is generally technology agnostic and will vary based on local regulation.
In the UK we have guidance from the Information Commissioners Office which can be used to formulate detailed policy that fits your organisation/clients requirements: https://ico.org.uk/media/for-organisations/documents/1562/guidance_on_data_security_breach_management.pdf
Cheers,