THE SOURCE | SCOUT BLOG

Ask Suppliers These 8 Questions to Measure GDPR Compliance

53 days. That’s how long we have before the General Data Protection Regulation goes into effect, and many teams are still scrambling to tackle the final items on their GDPR to-do lists. At this point, most companies have the basics in place – appointing their Data Privacy Officer, identifying processes for handling personal data, and educating teams on new policies for handling that information. However, there are two big challenges that remain: measuring GDPR compliance for third-party vendors and getting updated contracts in place.

Why is this important? Not only does the GDPR hold companies directly accountable for data privacy practices, but it extends that responsibility to any third-party vendors who touch personal data. As a result, companies are now required to enforce, monitor, and document how their suppliers meet the standard.

That’s a lot of ground to cover, and without the right tools, it can quickly overwhelm even high-performing teams.

(For more about the GDPR’s impact on Sourcing and Procurement, check out our new whitepaper on the subject.)

Fortunately, with a little planning and the right tools, it’s possible to manage this process and build a repeatable framework for compliance today and into the future.

Measure Sourcing’s GDPR Compliance with Regular Assessments

To ensure GDPR compliance, organizations must understand how and where their vendors handle personal data. And, to meet the standards set out in the regulation, those processes and agreements must be well-documented, consistent, and kept up-to-date. Our customers have found that the best way to accomplish this is through a structured Performance Management process.

By formally surveying and capturing data on vendors, you can quickly identify risks in your supply chain and put plans in place to address any gaps. Perhaps most importantly, by documenting the process and results, you’ll always be prepared when questions come your way from the audit team.

Need some inspiration to get your questionnaire started? This is by no means exhaustive, but here are a few questions Scout customers have been asking their suppliers to measure GDPR compliance.

  1. Please identify your appointed Data Protection Officer and their specific responsibilities.
  2. Describe your schedule for reviewing and updating your policies for processing data on behalf of your data controllers.
  3. Where does your organization store the digital personal information you are managing on our behalf? If stored with a third-party subprocessor, please identify them and where data is stored.
  4. What processes and methods are you using to properly anonymize and encrypt personal data?
  5. Please describe your processes for detecting and communicating data breaches.
  6. What tools are in place to manage the identification, tracking, and destruction of personal data associated with an individual?
  7. Are there clear instructions in your contracts detailing what happens to the data at the end of the contract period?
  8. Explain the data privacy and security training employees in your organization receive, and on what schedule.

Get Updated Contracts in Place

The value of Contract Management to maintaining GDPR compliance is worth its own discussion. Certainly, this is one of the most important components of scoring and managing third-party compliance. And it’s a simple question: Has the vendor reviewed, approved, and signed the updated contracts, model clauses, and any changes to liability prepared by your legal team?

But, across a portfolio of hundreds or thousands of suppliers, managing this process can be a nightmare. The second step in this process is getting action items and tasks in place to ensure all of your vendors step up, and you have the paper trail to prove it. Here’s where a great Contract Management process really saves the day.

With Scout’s new Supplier Performance Management capabilities, you can send vendors structured questionnaires to assess their data collection and management processes. Scout collects their responses in one centralized, accessible location, and you’ll quickly see where all your vendors stand in terms of GDPR compliance. Even better, you can quickly flag any that may not be operating in line with the new regulations, and start the process to get them back on track.

Pair this with Contract Management, and you’ll be poised for successful, stress-free, and long-term GDPR compliance. Good luck out there, privacy protectors. For more on this topic, check out our on-demand webinar on accelerating GDPR compliance.

Find out how Scout helps you support your GDPR game plan. Scout’s eSourcing platform provides a simple, smart, and streamlined way to ensure GDPR compliance.
