With an emphasis on third parties, GDPR makes data protection procurement’s problem. Data protection is – or at least should be – on every procurement professional’s mind.
Supply Management looks at what it means for procurement. Leo Martin contributed to the discussion.
The new regulation requires much tougher controls over what an organisation’s suppliers do with personal data. “One of the most significant changes is the imposition of compliance obligations on both the data controller [the company that decides how the data will be used] and the data processor [the company that works on the data for the controller],” explains Leo Martin, director of business ethics and compliance firm GoodCorporation.
“Third parties involved in data processing as part of their contract are required to assist the contracting organisation in complying with its GDPR obligations. This involves accepting the contractual requirements that must now be included in any third-party agreement with an organisation processing data on your behalf.”
Posted December 2017
GoodCorporation examines the steps oil companies can take to carry out anti-corruption due diligence
Due Diligence in the Oil Industry OilVoice – June 1 2012
Opinion: The truth about bribery and corruption LLoyds Loading List – 20 August 2012