The EU General Data Protection Regulation (GDPR) is still top of the agenda for many organisations. While many organisations are well on the road to compliance, others are wondering where to begin in dealing with the large volume of supplier contracts that will need to be made GDPR compliant.
The key purpose of GDPR is to increase and protect the rights of EU data subjects by creating transparent accountability over data processing. The new data protection laws cover any organisation that collects or processes the personal data of EU residents – regardless of whether the organisation is based in the EU.
Most organisations work with third-party suppliers, and any contracts with suppliers that have access to EU personal data will need to be reviewed and addressed to ensure they meet GDPR requirements. Otherwise, organisations risk paying substantial penalties for non-compliance.
The risk of inaction from your supplier
Under GDPR the burden for personal data protection lies primarily with data controllers or those entities that ‘own’ personal data and process it.
Controllers will be responsible for compliance with GDPR’s processing rules and will be held liable even when another organisation, which could be a third-party supplier, is contracted to carry out these activities. This is very important where suppliers are used: it is essential for data owners to review their arrangements with suppliers to ensure they stay compliant.
Engaging with your suppliers
The first step is to review which suppliers the new GDPR rules affect and prioritise those contracts which are essential.
Engage with your suppliers early and discuss specific requirements to ensure they understand their obligations. These discussions are likely to be led by the Procurement team, so it is also an opportunity to renegotiate contract terms or address any other risks in the contract.
It is important that, while this process is taking place, you also ensure you have the appropriate internal processes in place.
Usually a significant number of contracts need reviewing. The time to start is now.
Exova BM TRADA experts can help you on the road to compliance by delivering a supplier workshop FREE of charge. Email us for more information.
Supplier awareness workshops
Supplier awareness workshops can take several different forms. The most popular is where Exova BM TRADA experts present the GDPR to your suppliers. This usually takes place at your premises, and we offer our time FREE of charge.
The workshop helps suppliers understand current legislation and their obligations, what best practice looks like, and the steps they can take. It is positioned to provide insight and advice, which will strengthen their position with you.
By understanding what you are looking for and by gathering information, suppliers will better understand the requirements. Ultimately, this will be better for customers, which will help your organisation thrive.
Our experts have a great deal of experience of presenting at supplier engagement events and will work with you to suggest what a typical agenda might include.
If you would like more information on the supplier awareness workshops we offer, please email us or call us on 01494 569745 and one of our experts will get in touch.