May/June Corporate Card Supplement

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

Data legislation • By Nick Easen

WHAT TO WATCH IN THIS NEW DATA ERA

• Travel managers need to be mindful of the data they collect and hold, as well as know what data is shared with suppliers or providers in the trade.

• Corporates should work with their travel and card providers to understand what data will be required and then to make sure that the necessary permissions are in place.

• It is imperative that travel managers review their policies and procedures to comply with the regulations, and implement appropriate controls when handling data.

establish cross-references and make data more accessible and usable. This is partially driven by regulatory require- ments and partially by client needs. But there is certainly still some way to go.”

A NECESSARY EVIL Travel and payment providers often have good reasons for obtaining sensitive and defining personal data. It is used by executives on the road and travel providers for verification and regulatory purposes, whether it be for flight, hotels or car hire. Dates of birth, addresses and payment card details are all encrypted, stored and linked to individuals. However, under the new rules, from

May new permissions will need to be sought in order to retain traveller data. Corporations, travel managers and payment providers must understand what data they have, why they are storing it and what it will be used for and if it’s necessary to retain it. Data security will also be increasingly paramount with the EU’s NIS regulation coming into force. “The corporate will remain in the

driver’s seat by governing the terms of consent with those partners,” says David

In association with

Voss, head of commercial cards for global transaction services EMEA at Bank of America Merrill Lynch. “Payment providers, such as banks,

are already used to operating under the strictest data security guidelines. Regulation is helping to make certain this approach is consistent across the wider industry,” he adds. GDPR, NIS and Open Banking

will have a more noticeable effect on consumer-facing organisations which, in the past, were keen to cross-sell other products. However, this behaviour is not common in corporate travel. It works more along verticals. Nevertheless, with greater data

transparency and reconciliation, better collection methods and traveller tracking tools, there is more interest in information management among travel managers. “Generally, we see corporates taking an active interest in their data, often to keep track of spending or optimise decision- making. More than 70 per cent of our clients log in to their account on a regular basis to access management information,” says Maria Parpou, product director for commerical card at Barclaycard.

THE COST OF DATA SECURITY Ensuring that all data systems are secure, work together seamlessly and are com- pliant with the regulatory changes is proving to be a huge challenge and a cost across the board, not just for financial services, but also for travel providers and, to some extent, buyers. “The best ways for B2B customers to deal with these requirements is to look for partners and suppliers who can share the burden of compliance,” states Antoine Boatwright, chief information officer at Hillgate Travel. The NIS directive, also promulgated

in May, is now compelling businesses to act. The UK government has warned operators that they could face fines of up to £17 million, and transport and travel is part of this picture. Penalties will be levied if organisations fail to put in place robust measures to defend against all types of cyber-incidents. The big issue here involves the sharing of data with third parties. As data moves in the ether there is an increased risk of a data breach, so financial services, travel managers and TMCs that share data should be increasingly monitoring those

BBT CORPORATE CARDS SUPPLEMENT 2018 27

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36