Before any organization can do business with an external vendor, it needs to examine its data privacy protocol against new legal requirements. Recent legislations like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the U.S. has cast a spotlight on the handling of consumer data, especially the way it is shared among third parties. Organizations of all sizes in every industry are upgrading the vetting processes to make sure that new vendors don’t bring additional risks.
These risk assessment processes contain several moving parts, and a mistake at any point along the way can jeopardize the result. The easiest way to pinpoint the holes in your organization's vendor vetting workflow is to review the entire process from beginning to end and examine the opportunities for data privacy lapses. Here are four common pitfalls to look for:
1. Overlooking Contract-level Details
Amid all the changes happening to the regulatory landscape, it’s easy to overlook errors in the language of your contracts. In a short window of time, contract language—on old and new agreements—needs to be updated to provide consumers with new legal protections and redefine business-to-business relationships with any party that touches consumer data. If contracts are being negotiated in that window, some terms might slip through the cracks and expose you to new risks.
Around the world, new regulations about the collection and usage of personal data are changing workflows for major organizations. Following the passage of legislation like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA), businesses are auditing privacy practices and creating much stricter guidelines when they select partners and vendors.
With tighter regulations about the way consumer data is collected and used, organizations have to increase scrutiny for every party that has access to personal data. The entire system is only as secure as the weakest part, so it’s more important than ever to vet external parties and maintain visibility into their data practices. Here are eight vital steps organizations can take to ensure that vendors aren’t jeopardizing data privacy compliance.
Step 1: Audit Your Existing Data Privacy System
Before you do anything else, examine what’s currently in place to understand the changes that need to be made to maintain compliance with new regulations. You want to avoid reinventing the wheel and make adjustments without slowing down the business or adding risks.
After that self-examination, conduct the same check on your network of vendors. It’s imperative that you have a 360-degree understanding of vendors’ business practices and overall reliability before entering or continuing business relationships.
COVID-19 has created a ripple effect of disruption through supply chains across the world, causing many companies to assess their weak spots and reevaluate their operations to ensure future resiliency and continuity.
Rebounding from the current crisis with more solid resilience is itself creating immense value. Forward-thinking companies are looking a step further, perhaps with the climate crisis clearly in view. They are leveraging sustainability and purpose – with an upside creating long-term value across a wide range of business levers, from competitive differentiation, grow sales revenue, supplier innovation to support future circular business models, talent recruitment and retention.
Procurement’s Key Role in Turning Purpose into Profit
With momentum growing toward stakeholder capitalism, businesses have made a greater commitment to sustainable purpose through reducing emissions of greenhouse gas, limiting plastic use, providing decent working conditions and more. The recent COVID-19 pandemic has brought risk mitigation and resiliency top-of-mind – and we’re seeing clear proof points that sustainable procurement is the answer.
SIG is always asking our event attendees, current and future members, and readers about their current issues and concerns. I have been tracking and analyzing their responses for almost 10 years now. While cost savings and value-add remain consistent and strong priorities, there's no doubt many are very concerned about meeting pandemic-related needs.
We are blessed to have a community of thought leaders and generous, experienced professionals who are willing to share their experiences and describe their wins.
We offer the following resources in your quest for COVID-19 related items specific to sourcing, procurement, and workforce management. SIG members can continue to search for related articles here.
In the resources listed here, you can learn how to set up crow's nest and a war chest, hear how Sprint/T-Mobile are managing the crisis using AI for their spend analytics, specific procurement best practices for today's market, how technology enhances continuity in your workforce and what happens if and when this is "all over." Plus, so much more.
Risk…it’s a four-letter word. And while it is not as offensive as others, it can have a far worse and much longer-lasting impact on an organization. What is most challenging though is that it can come in many forms, making risk mitigation difficult at best and financially devastating at worst. Geopolitical risk, third party vendors, hackers, terrorists, natural disasters, poorly or inadequately trained staff and other circumstances make the global supply chain vulnerable to disruption, costing businesses millions of dollars annually. This is never so apparent as it is after tragedy strikes an area. Consider Hurricane Florence or the Northern California “Camp Fire”— the damage from these devastating events will be long lasting to the communities they impacted and the businesses that supported them.
According to Resilinc’s Eventwatch report, nearly 2,000 supply chain events took place in 2017, representing a 30 percent increase over 2016. Put in context, this translates to roughly five events per day with approximately 25 percent of them requiring an impact notification. Four of the five most significant 2017 supply chain events (in terms of number of supplier sites impacted, number of parts impacted and average time to recovery) were from extreme weather conditions and include late winter storms in the northeast as well as Hurricanes Harvey, Irma and Maria. More than a year later, Caribbean islands like Puerto Rico and the U.S. Virgin Islands are still trying to recover and will likely see years pass before their economies rebound.