With an emphasis on third parties, GDPR makes data protection procurement’s problem. Data protection is – or at least should be – on every procurement professional’s mind.
Supply Management looks at what it means for procurement. Leo Martin contributed to the discussion.
The new regulation requires much tougher controls over what an organisation’s suppliers do with personal data. “One of the most significant changes is the imposition of compliance obligations on both the data controller [the company that decides how the data will be used] and the data processor [the company that works on the data for the controller],” explains Leo Martin, director of business ethics and compliance firm GoodCorporation.
“Third parties involved in data processing as part of their contract are required to assist the contracting organisation in complying with its GDPR obligations. This involves accepting the contractual requirements that must now be included in any third-party agreement with an organisation processing data on your behalf.”
Posted December 2017
Don’t Shoot the Messenger: how to build a whistleblowing system Real Business – March 4