Data Privacy changing Procurement roles

Daniel Packer 16.04.2018

With the incoming deadline of GDPR, companies that store vast amounts of personal data are having to adjust their systems, giving rise to adapted Procurement roles.

The storage of data within Procurement & Supply Chain

Data Protection and Data Privacy have been prevalent in the news in recent weeks, from Mark Zuckerberg being called up to face a committee of US Senators on behalf of Facebook, to Cambridge Analytica having their offices raided by Police officials.

We all submit vast amounts of personal data to a wide range of companies, but with these high profile cases of ‘data disturbance’ it leads to the question; how is our data stored?

GDPR disrupting how suppliers are chosen

Within Procurement & Supply Chain, the use of technology and cloud based storage has allowed for data outsourcing to be acquired much easier over the last few years. This in turn has led to many companies using third parties to hold and process data on their behalf.

Because of this use of third parties, there has been a growing trend within the sector around “Process & Control”, essentially meaning governance is at the forefront of negotiations due to increased accountability from the Regulator. Those that outsource their data processing need to ensure compliance throughout their supply chains; the organisation is accountable for a breach at any stage.

With regulations such as GDPR putting an increasingly strict emphasis on data privacy, companies can’t just go with a supplier based on cost alone - the fines and reputational damage of failure to meet GDPR compliance could prove to be devastating for businesses.

New accountability principle

The rules within GDPR state that you don’t only need to comply, but you must also be able to demonstrate compliance - data compliance measures have to be integrated into data processing activities at all stages.

The necessary work and adjustments (regardless of preventing large fines) could help business by demonstrating to customers that they will handle their data securely and responsibly. At a time of such consumer mistrust, knowing that their data is in safe hands will be an attractive prospect.

The increased element of risk

They also need to take into account risk by conducting due diligence on suppliers. For this reason, we are expecting to see more roles with a higher risk element alongside standard procurement and supply chain duties, such as Third Party Supply Chain Risk Officers who hold quasi Risk and Procurement/Supply Chain skills. These individuals will be responsible for supplier onboarding and remediation when necessary.

Daniel Packer's picture
Senior Consultant | Key Accounts Team
dpacker@morganmckinley.co.uk