In the Concur Data disposal process, concur considers some data as "Sensitive" & remove it after a maximum of 12 months from the date of Inactivating the data once the Data retention process is activated for the instance.
However, when asked Concur support which all fields considered to be "Sensitive" data, they have only provided generic information as examples like SSN Number, Passposr No. etc. but have not shared the exact all fields that which all fields exactly removed as part of "Sensitive" data when we activate the Data Retention Policy.
Has anyone came across similar requirement? & are you able to share your input on how to manage this part & how can we get to know which all fields exactly considered as "Sensitive" Data?