SVSL: Aligning Sourcing with GDPR – Are You Putting Your Company at Risk?

How are you dealing with data privacy at your company? The General Data Protection Regulation (GDPR), the sweeping law that governs the treatment of personal data of European Union (EU) citizens by any entity around the world, poses important considerations and presents considerable risk for sourcing organizations. Recently, Silicon Valley Sourcing Leaders (SVSL) held an in-depth discussion to examine some of the issues and investigate solutions.

Founded by some of the most influential companies in Silicon Valley, SVSL is a professional network of strategic sourcing and procurement leaders dedicated to elevating the profession through knowledge sharing and collaboration. SVSL attracts innovators and fast-paced companies in Silicon Valley, the greater Bay Area and beyond with the aim of delivering greater value and education to organizations, industries, and the larger community. 

Read on for important insights covered at the latest SVSL event:

Enormous Risk

Violations of GDPR requirements expose organizations to fines of up to 4% of a company’s global annual revenue or €20 million, whichever is greater. Regardless of where a company is physically located, if it engages with EU citizens and gathers and uses their personal information, it is subject to the requirements and faces the penalties for violations.

Companies are responsible not just for their own actions but also those of vendors and suppliers they may use that interact with data of EU citizens on their behalf. Sourcing organizations must have proactive processes and policies to ensure compliance with GDPR and other data privacy laws that are rapidly coming into existence.

Examining the Issues

SVSL met at Anaplan headquarters in San Francisco to hear from data protection expert Debra Chong and from Linda Chaun, sourcing and procurement leader and SVSL co-founder, and to join in a group discussion.

During the event, Sarah Toomey from Anaplan described their concept of Connected Planning, which integrates the company’s marketing, technology, and procurement groups as a virtual team and uses the Scout platform to set and evaluate milestones.

Some Data Protection Questions to Consider

  • Does your company have policies regarding suppliers or vendors sharing your data with third parties, including Data Mart?
  • Do you require suppliers to encrypt data while stored or in transit? Do you require de-anonymizing data?
  • What is your policy for single and ongoing data treatment and privacy violations by suppliers?
  • Do your vendors’ privacy policies influence your selection criteria?

Stepping Up to New Requirements

Attendees discussed the effect of dealing with data privacy in their own companies. About half reported an increase in the number of privacy enforcers—specific individuals charged with compliance with privacy and data laws—at their companies. Some said that ensuring data protection has required an intentional slow-down in sourcing events to spend more time in the contracting phase and understanding and assessing policies and practices. Sometimes this adds an extra week or more. At least one admitted that non-compliance will “auto kill a deal.”

One attendee shared how their company was affected by a data breach of a supplier. Although the damage is done at that point, and the past cannot be changed, the important aspects are remediation for affected customers and ensuring that such a breach is protected against in the future. For them, remediation included providing lifetime subscriptions to data protection services for their customers. Clear, prompt communication from the suppliers “coming clean” is critical and the mark of a worthy relationship.

Crumbling Cookies

Debra Chong pointed out that one great area of vulnerability is with cookies commonly used for tracking, personalization, processing, and analytics on company websites. Data kept in cookies is considered personal. Since most companies use numerous third parties as part of their websites, exposure and mistreatment can come from many entities. Your company has overall responsibility. Debra called cookies “the biggest challenger to privacy.” Cookies are “all or nothing,” she said, since many sites will not work or provide visitors access without them. Sourcing organizations should consider vendors and suppliers involved with their company’s website and associated sites, including registration services for events. One organization built their own registration service for events because they felt they could not trust a third party.

We’d like to thank the subject matter experts who made this insightful discussion possible. Thanks to everyone who came out and participated in the lively and engaging conversation.

Join Further Discussions and Gain Insight and Knowledge

We hope you’ll consider joining SVSL to participate in future discussions. Go to the group’s LinkedIn page for more information or to request membership.

Sibel Kurun
