GDPR, the topic that’s been on everyone’s mind in the business world for the past few months, is slowly reaching its due date. So, is your business GDPR compliant? Moreover, is your procurement organisation GDPR compliant?
At first glance, making sure your company is GDPR compliant can be a real hassle – time spent reviewing contracts, internal policies and processes is all time not spent growing the business. But companies that look at the bigger picture have already realised that preparing and making sure they are GDPR compliant is an opportunity that will give them advantages over their less prepared competitors.
For procurement, GDPR will have major implications, and companies need to be prepared and take into account each aspect that could be considered a liability.
A few things that procurement organisations should consider while preparing for GDPR:
Take into account not only your GDPR compliance but your suppliers’ as well
The GDPR puts a big emphasis on a company’s ability to demonstrate compliance. This means that not only do you need to make sure your company’s processes are GDPR compliant, but you also need to conduct the appropriate due diligence of your suppliers, making sure that they too are taking the necessary steps to become compliant.
A high percentage of your company’s goods and services contracts will need to be reviewed in detail, as they will probably be affected by GDPR in some way or another. Besides reviewing existing contracts, you should probably think about reviewing documentation regarding future contracts too. This will enable you to write and document a robust due diligence process for reviewing new suppliers.
When talking about contract management, another aspect to take into account is contract storage and data access. We all know that data security is an important part of GDPR, so making sure you are well protected against unauthorised access and accidental loss or destruction of data is a must.
In this sense, minimising the number of systems where you’re keeping your data will make it easier to comply with the new regulations.
Information flow within the supply chain
Clearly mapping out the information flow within your supply chain will give you better visibility over your data and help make sure you are well prepared and able to face a potential data breach. This is a very important aspect considering the 72-hour data breach notification requirement imposed by the GDPR.
Data security has been an important aspect for quite some time; what GDPR will change, however, is the types of data that fall under these regulations and the sanctions payable in the event of a breach.
Taking the time now to improve your data protection and making sure it complies with the new regulations will demonstrate to your customers and suppliers that you respect them, giving you a competitive advantage in future contract negotiations. Moreover, demonstrating to your customers and competition that you are well equipped to face any data breaches and that you “have your data under control” will position you as a trusty partner and fierce competitor.