With the European Union’s (EU) new General Data Protection Regulations (GDPR) fast approaching, procurement needs to be aware of the changes this will entail and how it can mitigate any risk posed by suppliers.
Coming into effect in May 2018, the regulations aim to give EU citizens more control over how their personal data is used, as well as to try and streamline rules for international businesses. Names, addresses and other sensitive information relating to an individual’s professional or public life must be handled correctly by businesses and their suppliers, or they risk incurring significant fines.
Those who haven’t started preparing for these changes are leaving their businesses exposed. With a few months remaining there is still time to take action, but it needs to be done quickly.
Here are some things to look out for:
An understanding of the regulations is essential no matter what industry you are in. However, businesses in the public sector, firms that use online marketing services and financial services companies need to be particularly cautious because of the volume of personal data they handle.
It is essential to work collaboratively with your organisation’s data ‘controllers’, who decide how information is used, and ‘processors’, who process that information on behalf of controllers. This enables procurement executives to understand exactly how the business uses this information and what the new rules will mean for that use.
Outside of this, it is essential to ensure any suppliers who deal with personal data know of these changes and are working to guarantee they meet the standards laid out.
In the past, data breaches didn’t need to be reported. However, under GDPR, a breach must be noted within hours of it happening. Fail to comply and firms could face fines of up to €20m or 4% of annual global turnover – whichever is greater.
To reduce this risk, you must understand what this means in terms of any breaches that occur within supplier organisations. Conversations with the legal department or outside legal experts are key.
Procurement will be expected to understand their supplier contracts in much more detail. They will also need to keep a record of all processing operations under their responsibility and quickly report any data breaches. Without keeping a close eye on all these details, the threat to the business could quickly increase.
As with any new regulations, it will take time for procurement to get completely up to speed. But, with little time remaining, it is essential to take action now.
This article is a piece of independent writing by a member of Procurement Leaders’ content team.