Procurement contracts face challenging route to compliance
Approximately 570 million procurement contracts in the UK remain non-compliant to new General Data Protection Regulations (GDPR), resulting in a potential £300bn worth of fines. That’s according to Cheshire-based procurement advisory firm, Odesma, which has today warned that, unless organisations act quickly, they will not meet the new requirements ahead of the May 25th deadline.
Simply finding and retrieving contracts can be time consuming – they may be years old, there may be duplicates, some will be on paper and others will be on email. Then the process of gaining compliance adds to the challenge, and requires a highly structured process that can identify relevant contracts, specify the clauses or deeds that need to be added, analyse them and send them to suppliers for sign off. Once all of this has been achieved, amendments must be legally bound before full compliance is achieved.
With up to one million procurement and supply chain businesses in the UK currently falling foul of the new guidelines, Odesma has launched a professional solution to help deliver compliant contracts within the next four months.
The service, named The Contracts Factory, handles all GDPR contract compliance to ensure that companies not only have a system in place for new contracts to adhere to, but that deals with thousands of existing contracts which also need to comply.
Nick Ford, Executive Director of Odesma, explained: “Though many businesses have begun the journey to compliance, GDPR presents a challenge to procurement, with a number of external supplier interactions needed and the whole transactional process to navigate – all of which need to be managed and controlled in a tightly structured manner.
“Having spent the past two years working with procurement and supply chain teams to deliver GDPR-compliant programmes, we’ve developed a unique understanding of what is needed to achieve the right level of compliance. The process is complex and time-consuming, and when you consider that some companies will be dealing with 2,000 contracts or more, the task can become overwhelming.
The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union. For procurement, the regulation will affect every contract that is still live and has an element of data that needs protection, for example data identifying an individual or company.
Nick concluded: “GDPR is a complex and serious legal concern that should be considered at boardroom level. While contract authoring software and compliance checking software are important factors, a more specific solution is required if businesses are to meet their legal obligations and avoid the severe financial penalties and reputational damage that could come from non-compliance.”