This information comes into your possession following the processing of expenses claims. Consequently, you are legally and morally responsible for storing this information. It is therefore very important to know where it is and how it is used.
Where is this data?
This data is extracted and synced from Human Resources management databases to travel & expense management tools (such as Notilus), booking systems, travel agencies and even GDS (Global Distribution Systems).
Reminder: GDS, created by airlines between 1960 and 1990, are work tools used by travel agencies. They include airline inventories, as well as all your traveller profiles and all trips taken by your company, along with the identity data required by airlines (even your analytical information such as the site/customer visited, if this information is provided on your travel agency invoice). GDSs are old systems, but they are becoming more varied, especially by supporting implementation of the IATA NDC (New Distribution Capability) standard, which allows airlines to sell their products more directly, with greater customisation and more images and services.
Furthermore, booking channels are growing rapidly with hotel or taxi hubs and new concepts such as Airbnb, Uber, Trainline, etc. These tools also retrieve your traveller profiles in order to customise their offer. But customisation means profiling and therefore storing personal data.
For what purpose?
Finally, travellers’ data may be sent to automated processing systems responsible for the safety of your travellers (International SOS, iJet, CIBT, etc.) that also install itinerary tools (Google Trips, mTrip, TripIt, Wipolo) often based in the United States.
Personal data, data relating to your travellers’ private lives and data relating to your company’s trips is disseminated throughout the world. It is essential to limit transmission of and access to your company’s sensitive electronic data, and to be able to check compliance with the regulations on its access, processing and storage.