How well were you prepared for the GDPR regulations? Did you look at the ramifications for your business, systems and processes? With massive fines at stake, those that grasped GDPR in advance certainly reaped the benefits of enhanced consumer trust and reputation. But have you considered the tendering perspective?
The GDPR introduced new rules for compliance, and for you to demonstrate your compliance. Comprehensive but proportionate governance measures are required, showing that data compliance measures have been integrated into data processing activities. The concepts of ‘privacy by design’ and ‘privacy by default’ are explicitly recognised.
The GDPR placed direct obligations on processors of personal data. It stipulates the contractual provisions that must be in place and sets out the conditions for sub-processing. Protracted contractual negotiations with suppliers are inevitable as parties wrangle to shift liabilities. Importantly, however, this will not exonerate or dilute the liability of controllers to the regulators or data subjects.
A data breach within an organisation’s supply chain could be detrimental to the organisation, both from a financial and reputational perspective, no matter where in its supply chain it occurs.
Businesses therefore need to carry out the appropriate due diligence of suppliers and monitor their GDPR compliance. Those who audit their preparedness, and what they expect from suppliers, now will be in a much better position to weather any disruptive forces post May 2018.
If you haven’t done so already, review the tendering perspective together with agreements and sub-contractor questionnaires before the 25th May. This is an opportunity to get ahead of the game and your competitors.
You might want to read our last post on GDPR Data Management.
We are running a GDPR Workshop in March. More details will be posted here soon, or contact us for further information.