PriyankaM_23

GDPR risks for non US countries using Yodlee

Hello All,

 

Currently, Yodlee is activated for the US, UK and Ireland, and our client wants to deactivate Yodlee for the UK and Ireland due to GDPR risks.

Our client has asked the questions below:

1. Best Practices for GDPR Compliance Bring Your Own Card (BYOC)
• What are other companies doing to mitigate GDPR risks when using Concur with BYOC functionality?
• Are there recommended controls or configurations within Concur that help limit exposure?

2. Disabling BYOC by Country
• Is there a way to disable the BYOC feature outside of the US?
o For example, in our entity, we may need to disallow BYOC usage for employees in Ireland and the UK based on the GDPR risks.
• If this is not configurable per region, are there any workarounds or recommended alternatives?

3. Alternative Options to BYOC
• We understand we could restrict expense submissions to:
o Manual entry, or
o Use of company-issued credit cards only
• However, we’d like to know if there are other systematic options within Concur to achieve this outcome more cleanly.

4. Automatic Import of Personal Transactions
• Does enabling BYOC cause automatic credit card feed imports for all transactions, including personal expenses?
• Is there any way to control or limit what gets pulled into Concur from a personal card?

5. Employee Consent and Privacy Policy
• As part of the BYOC process, do employees explicitly acknowledge and agree to the data sharing?
• Is there standard language in Concur’s Privacy Policy or terms that clearly outlines:
o What data is collected
o Where it is stored/processed
o Whether there are international transfers involved?

Could you please review and advise us on the best way to handle this situation?

Appreciate your support in this matter!

 

Best Regards,

Priyanka
