In the wake of recent massive and highly publicized data-breach security crises, everyone is talking about cybersecurity. And they’re no longer doing it behind closed doors.
Following the advent of General Data Protection Regulation (GDPR) in Europe and the hardening of individuals’ positions with regard to privacy, the assurance that their information remains private is of utmost concern for companies.
The story’s no different when it comes to spending data. Think of the highly sensitive nature of your travel and expense (T&E) information and sizable travel volume – like the analysts and finance specialists working on mergers and acquisitions, plus thousands of people meeting with thousands of clients every day. Your travelers generate reams of confidential data, and that requires the highest levels of security.
The question is: How do you know the spend management system you have is secure? The best practice is to protect your T&E information with systems that meet and exceed industry ideals for security and data protection, including:
- ISO 27001 and ISO 20000 certifications
- SSAE 16 certifications for expense management solutions and supporting hosting facilities
- PCI compliance – a VISA registered, Level II CSIP service provider
A multi-layered approach to GDPR compliance
Your system should meet GDPR standards with a multi-layered approach, delivering protection across touch points. This includes physical and logical information, which spans database, middleware, application, network, and communication layers.
And speaking of GDPR, you should ideally use a T&E solution that supports data privacy standards, such as:
- Transparency: Data subjects or authorized employees should be able to report on and export personal data, and every change and every login to personal profile data should be logged automatically – regardless of user or channel.
- Data deletion: It is essential to remove personal profiles and permanently block personal data associated with deactivated end users, which can be done automatically. With data-retention administration capabilities, you can also remove all transactional or other remaining information associated with a data subject. The right solution also allows you to create exceptions that block specific data subjects from being removed.
- Restriction of processing: Set role-based permissions to determine who has access to (and who can change) personal data.
Data transparency for complete security
Total visibility into T&E is the only way to know if you’re covered. It also just makes good business sense.
With a real-time view of spending and reporting, you can capture all your T&E spend and all your travelers’ bookings and itineraries, then pull it all together to see where the money’s going. When you can see it, you can control it – and quickly find the data you need to make educated decisions for your company and your customers.
This originally appeared on the Digitalist and is republished with permission.