What GDPR means for your supply chain
When people talk about the European Union's (EU) General Data Protection Regulation (GDPR) coming into effect later this month, they usually do so in the context of their IT practices.
Most businesses treat GDPR as an IT problem for the CIO to solve. That's not true: it's a business problem that needs the support and co-operation of the entire C-suite and board.
Supply chain managers, for example, need to recognize how much data they possess and how they can protect it.
The thing about supply chains is that you can never keep all the data to yourself. To function, you need to share data with your partners; in fact, sharing data is critical to building and optimizing efficiencies in today's competitive business landscape.
That said, you can't avoid compliance just because it makes your job more challenging, can you?
To accurately assess how it affects your role as a supply chain manager in your business, map the flow of personal data along the chain you're responsible for. Identify the recipients of personal data, including sub-processors, and where the personal data is processed.
Next, identify existing supplier contracts that involve the processing of personal data and review the data protection provisions you've already put in place. If they're insufficient, strengthen them so they actually safeguard your data.
Remember to consider the organization's approach to risk in existing and new contracts. You face not only financial risk but also significant reputational risk, because the GDPR requires you to notify those affected (and the public) about a data breach.
Once you’re through this, make sure you’re looking outward just as much as you’re looking inward. Evaluate your supply chain partners and the contracts you have with them to ensure they’re required to comply and have the necessary checks in place.
Revisit your insurance policy to understand what your insurer does and doesn't cover in the event of a data leak or breach, and what evidence they require to show that you weren't negligent in safeguarding that data yourself.
Supply chains are often complex because they involve many stakeholders, and in light of the GDPR they present a significant risk to your business. That doesn't mean you shut down. It only means you keep doing what you do well and work hard on the things you didn't do well before. Initial efforts to secure your supply chain will be challenging, but if done right they'll save your business a lot of money and time in the future.