Before any organization can do business with an external vendor, it needs to examine its data privacy protocol against new legal requirements. Recent legislations like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the U.S. has cast a spotlight on the handling of consumer data, especially the way it is shared among third parties. Organizations of all sizes in every industry are upgrading the vetting processes to make sure that new vendors don’t bring additional risks.
These risk assessment processes contain several moving parts, and a mistake at any point along the way can jeopardize the result. The easiest way to pinpoint the holes in your organization's vendor vetting workflow is to review the entire process from beginning to end and examine the opportunities for data privacy lapses. Here are four common pitfalls to look for:
1. Overlooking Contract-level Details
Amid all the changes happening to the regulatory landscape, it’s easy to overlook errors in the language of your contracts. In a short window of time, contract language—on old and new agreements—needs to be updated to provide consumers with new legal protections and redefine business-to-business relationships with any party that touches consumer data. If contracts are being negotiated in that window, some terms might slip through the cracks and expose you to new risks.
What is your role and what are your day-to-day responsibilities?
As a Pre-Sales Director at Icertis, I am a solution consultant. I work collaboratively with companies to understand their unique business challenges and uncover the specific value Icertis solutions will provide. Often, I explain and demonstrate the “art of the possible.” Many folks think of contract software solutions in terms of a module or repository with authoring tools, and I help them see the bigger picture of the true value an enterprise-level contract management system can provide.
What is something that you wish more people knew about sourcing and procurement?
For folks outside of sourcing and procurement organizations, I wish more people knew how critical the sourcing and procurement functions are to a business. The contracts that sourcing and procurement professionals deal with every day govern every dollar spent and are essential to optimizing the business and accelerating commerce. But it’s not only about the dollars, cents and saving money. It’s also about reducing risk by working with the right suppliers with mutually beneficial terms and ensuring that everything is captured and tracked in contracts. I see sourcing and procurement as a longer-term, strategic function, not just tactical.
Avoiding Common Pitfalls in Vendor Data Privacy Risk Assessment
Before any organization can do business with an external vendor, it needs to examine its data privacy protocol against new legal requirements. Recent legislations like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the U.S. has cast a spotlight on the handling of consumer data, especially the way it is shared among third parties. Organizations of all sizes in every industry are upgrading the vetting processes to make sure that new vendors don’t bring additional risks.
These risk assessment processes contain several moving parts, and a mistake at any point along the way can jeopardize the result. The easiest way to pinpoint the holes in your organization's vendor vetting workflow is to review the entire process from beginning to end and examine the opportunities for data privacy lapses. Here are four common pitfalls to look for:
1. Overlooking Contract-level Details
Amid all the changes happening to the regulatory landscape, it’s easy to overlook errors in the language of your contracts. In a short window of time, contract language—on old and new agreements—needs to be updated to provide consumers with new legal protections and redefine business-to-business relationships with any party that touches consumer data. If contracts are being negotiated in that window, some terms might slip through the cracks and expose you to new risks.