Did you know

Just 12% of businesses actively monitor subcontractors and third parties

In a post-GDPR world, that figure isn’t good enough. In this article, we go through just how GDPR will impact supply chains, what constitutes data and how companies can become GDPR compliant.

Unless you’ve been living off grid, you’ll have become accustomed to four letters – GDPR – in recent weeks. With eye-watering fines of either €20 million or 4% of annual global turnover (whichever is greater), it’s no surprise that companies of all shapes and sizes are taking it extremely seriously.

The European Union is rolling out the General Data Protection Regulation (GDPR) at the end of the week (Friday 25th May 2018), a move that is the biggest change to data protection rules in a generation.

For those working within a supply chain, GDPR poses a unique set of problems. The biggest hurdles are the sheer volume of data that is produced, how best to share it across all levels of a supply chain, and how to monitor and protect it.

The impact that GDPR will have on supply chains cannot be understated.

As the new rules apply to all data regarding EU Citizens, no matter where a business is located, all companies within a supply chain (including third-party suppliers, subcontractors and distributors) must comply.

This presents numerous challenges for those tasked with tracking and logging the flow of data between companies.

It’s no surprise, therefore, to find that in Deloitte’s Extended Enterprise Risk Management (EERM) survey, 57% of respondents stated that they have fears regarding the transparency of subcontractors used by third parties within their supply chain. Compare that to just 2% of people who replied with confidence that they were on top of the practices of those third parties.

In response to the survey, Deloitte’s Kristian Park said it was clear that many organisations still had “a way to go to implement adequate subcontractor management”.

The report also found that the minority of businesses – just 12% – actively monitored subcontractors and third parties. As Park added, “this means that 88% of organisations are either dependent on third parties to conduct subcontractor risk reviews, or have an unstructured, ad hoc approach to fourth and fifth party oversight.”

Alongside suppliers, customers and commercial partners, businesses will need to ensure GDPR compliance through other platforms. Additional services and software companies – SaaS providers and cloud-based applications, for example – that process personal data of any kind will also need to be evaluated under the new rules. Contracts may need to be updated and suppliers audited to ensure compliance.

What constitutes as ‘data’?

Within a supply chain, GDPR relevant data refers to anything that can identify an individual, be it raw information tied to a specific company or individual, or processed data garnered through the report-making process. So, for example, data can relate to a supply partner’s contact details through to historical pricing information and tracked data provided by analytical software.

All of this will need to be tracked and monitored. If you’re passing on any data across your supply chain that you hold or generate that could be tied to an individual source, you’ll need to be able to account for it.

What about the future?

Obviously, with just a couple of days to go until GDPR comes into force, your supply chain should meet these new standards. But what could you be doing to relieve this ongoing compliance pressure?

If your company is working with a new supplier or partner, then your contract should precisely state what data is shared, how long it will be kept, what happens to it at the end of the contract’s term, how that data can be amended and what provisions are in place in the event of a data breach.

GDPR will permeate all levels of your supply chain and will impact how you handle and transfer all kinds of data. You now need to be extremely proactive whereas, in the past, businesses could have been reactive once the information moved along to second- and third-tier suppliers and partners.

Have you thought about consolidating your supplier base?

GDPR poses supply chain managers with plenty of problems, especially when it comes to both downstream and upstream suppliers. But, the same could be said for other issues relating to large and cumbersome supply chains, such as price management, logistics and warehousing.

Throughout our history, Global Supply Services (GSS) have helped original equipment manufacturers (OEMs) with the planning and procurement of high-volume parts and commodities. Our unique approach to supply chain management consolidates your existing low-value supplier base and cuts the number of contacts and contracts that you deal with to just one.

Speaking simply in terms of GDPR, GSS would ensure all compliance of external suppliers and manufacturing partners on your behalf, allowing you to focus on other, more profitable aspects of your business. Data protection, just like supply chain management, doesn’t have to be scary.

Please note: This article does not constitute as being legal advice.

Did you find that useful?

If so, why not subscribe to our mailing list?

    I would like to receive communications from GSS (required)
    YesNo (Unsubscribe)

    I'd like to receive:
    Promotions via email
    Industry News via email
    Company News via email
    Telephone Communication

    If you found the above article useful, why not sign up to our mailing list?

    Doing so will mean that you will get notified first whenever we produce or publish new guides, white papers and industry reviews. And if you’d like, you can also opt-in to hear about any relevant industry and company news that may be of interest of benefit to your business, and find out if we’re running a promotion of any kind.

    We promise not to contact you unnecessarily or excessively. But if you do change your mind and wish to unsubscribe, then you can do so at any time by either updating your preferences via the form on this page or by emailing us at

    Be ahead of the curve.

    Global Supply Services’ Privacy Policy

    • Posted by Marketing
    • On May 24, 2018


    Leave Reply

    Your email address will not be published. Required fields are marked *