cancel
Showing results for 
Search instead for 
Did you mean: 
SumitV
Occasional Member - Level 1

External Attendees - Data protection

Dear Experts,

 

We have requriement that actual data for External attendees should not be stored in Concur while adding them on expense reports, as that is client confidential data. Instead, it should save some codified data which cannot be directly identified in Concur. Basic requirement is that client confidential data should not be stored in Concur. How can we achieve this, any pointers?

 

Concur can possibly connect to some customer database and store actual data there and have some reference ID stored in Concur. Then it can fetch it back to display when manager opens the report for approval. This is just a thought and not sure how technically feasible this will be in Concur. 

 

Any feedback will be highly appreciated as this is one of blocker issue for our Concur implementation.

 

Regards,

SV

4 REPLIES 4
ChadM
SAP Concur, Former Employee

Hi SV -

 

Thanks so much for the question. Data security is of utmost importance to SAP Concur. We have a team who can address your questions around this specifically. They can be reached directly by emailing Concur-GDPR@concur.com.

 

Looking forward to hearing from others on this topic as well. 


Thanks,
Chad Minnick
SAP Concur - Community Manager

Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
SumitV
Occasional Member - Level 1

Hi CM,

 

Thanks for yoru response. We are mainly looking at some kind of masking solution if available in Concur for external attendees?

 

Regards,

SV

arobertson
SAP Concur Employee
SAP Concur Employee

Hi SV,

 

This is a question that I am commonly asked so I totally understand where you are coming from! Generally, customer stick to the default fields in the attendee forms for their external attendees. However, if your company policy, country or financial sector dicate a different policy, here are a few suggestions that I would consider if I was in your position:

 

What legal or policy is specifically being enforced? What specifically does the policy say should happen?

What version of SAP Concur your company uses (Standard or Professional)

 

What ever solution you choose to implement, you should always consider maintenance and ease of use. Some customers do not use the first name last name fields and instead rely on an attendee ID from their CRM system but this is very rare in my opinion as you would lose all the additional compliance topics such as Gift's & Entertainment tracking.  You could also consider an API based solution but again, the more complicated you make the solution, the harder it is to maintain.

 

Just a few ideas for you!

 

Kind regards,

Angus Irvine Robertson

Head of CSI Customer Office, SAP Customer Support & Innovation
SumitV
Occasional Member - Level 1

Thanks Angus for your reply. We are considering to use URL callout to send the attendee details to us which we can codify and send back. Will that work? Do you have any such working model based on your past experience. 

 

Thanks,

Sumit