cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Occasional Member - Level 1

External Attendees - Data protection

Dear Experts,

 

We have requriement that actual data for External attendees should not be stored in Concur while adding them on expense reports, as that is client confidential data. Instead, it should save some codified data which cannot be directly identified in Concur. Basic requirement is that client confidential data should not be stored in Concur. How can we achieve this, any pointers?

 

Concur can possibly connect to some customer database and store actual data there and have some reference ID stored in Concur. Then it can fetch it back to display when manager opens the report for approval. This is just a thought and not sure how technically feasible this will be in Concur. 

 

Any feedback will be highly appreciated as this is one of blocker issue for our Concur implementation.

 

Regards,

SV

4 Replies
Highlighted
Community Manager
Community Manager

Re: External Attendees - Data protection

Hi SV -

 

Thanks so much for the question. Data security is of utmost importance to SAP Concur. We have a team who can address your questions around this specifically. They can be reached directly by emailing Concur-GDPR@concur.com.

 

Looking forward to hearing from others on this topic as well. 


Thanks,
Chad Minnick
SAP Concur - Community Manager

Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
Highlighted
Occasional Member - Level 1

Re: External Attendees - Data protection

Hi CM,

 

Thanks for yoru response. We are mainly looking at some kind of masking solution if available in Concur for external attendees?

 

Regards,

SV

Highlighted
SAP Concur Employee
SAP Concur Employee

Re: External Attendees - Data protection

Hi SV,

 

This is a question that I am commonly asked so I totally understand where you are coming from! Generally, customer stick to the default fields in the attendee forms for their external attendees. However, if your company policy, country or financial sector dicate a different policy, here are a few suggestions that I would consider if I was in your position:

 

What legal or policy is specifically being enforced? What specifically does the policy say should happen?

What version of SAP Concur your company uses (Standard or Professional)

 

What ever solution you choose to implement, you should always consider maintenance and ease of use. Some customers do not use the first name last name fields and instead rely on an attendee ID from their CRM system but this is very rare in my opinion as you would lose all the additional compliance topics such as Gift's & Entertainment tracking.  You could also consider an API based solution but again, the more complicated you make the solution, the harder it is to maintain.

 

Just a few ideas for you!

 

Kind regards,

Angus Irvine Robertson

SAP Concur Customer Escalations, SAP Concur Office of the President
Highlighted
Occasional Member - Level 1

Re: External Attendees - Data protection

Thanks Angus for your reply. We are considering to use URL callout to send the attendee details to us which we can codify and send back. Will that work? Do you have any such working model based on your past experience. 

 

Thanks,

Sumit