With an emphasis on third parties, GDPR makes data protection procurement’s problem. Data protection is – or at least should be – on every procurement professional’s mind.
Supply Management looks at what it means for procurement. Leo Martin contributed to the discussion.
The new regulation requires much tougher controls over what an organisation’s suppliers do with personal data. “One of the most significant changes is the imposition of compliance obligations on both the data controller [the company that decides how the data will be used] and the data processor [the company that works on the data for the controller],” explains Leo Martin, director of business ethics and compliance firm GoodCorporation.
“Third parties involved in data processing as part of their contract are required to assist the contracting organisation in complying with its GDPR obligations. This involves accepting the contractual requirements that must now be included in any third-party agreement with an organisation processing data on your behalf.”
Posted December 2017
The government’s plans to revise the UK’s data protection laws, announced this month, will effectively ensure that the UK remains compliant with the EU’s General Data Protection Regulation (GDPR), which is applicable from May 2018. This announcement is helpful for…
Carillion plc has achieved the Investing in Integrity (IiI) chartermark as a result of successful completion of the rigorous IiI accreditation process.? Investing in Integrity (IiI) is a Charter Mark, founded in 2012, and designed to enable an organisation to…