
Global Supply Chain Compliance with GDPR

By Avetta Marketing
September 19, 2020

By now you have probably heard the acronym GDPR, especially within the context of international business. In summary, the European Union is taking steps to protect the data of individuals and businesses by enacting tough new laws. One of the components of these laws is the General Data Protection Regulation, which will affect any business that offers goods or services to Europe. Supply chains that work with entities in the EU need to ensure that they are meeting the GDPR compliance requirements by the time the laws take effect in May of this year.

Preparing for GDPR

The practices discussed here aren’t meant to be comprehensive, but there are sensible steps to take. The first is knowing exactly what the complete supply chain system looks like. Companies must carry out a full audit of the supply chain to ensure data is being used and safeguarded correctly. With May a little over a month away, effort should be focused on where risk is highest from a data privacy perspective.

Identify what data will be collected, what will be shared, the data’s purpose, how long it can be kept, and what happens to the data at the end of the contract. These specifics should be written into every new supplier contract and added to every existing supplier contract. This would be an excellent time to review supply chain partners’ access to data to ensure they aren’t receiving information they don’t need.

Transparency and accountability are also key elements of GDPR. One of the mandates is that businesses must have a breach log to record and track any data breach – large or small, actual or suspected. While specifics on what details need to be contained in the log haven’t been defined, the best practice is to record as much information as possible. At a minimum, the log should contain when the breach took place, how the breach happened, the response to the breach, and the identities of stakeholders who managed the response. This information will help demonstrate an intent to comply.

It’s important to remember that – among many new rules – GDPR introduces a new accountability principle. This means that a company needs to not only comply but also demonstrate compliance. Comprehensive but proportionate governance measures are required, showing data protection compliance measures have been integrated into data processing activities at all stages.

GDPR Reaches Outside the European Union

All supply chains that extend outside of the EU must handle all data that passes through the EU as if it were still contained within the EU. So, if a supplier collects data from within the EU and then passes that data outside of the EU, that data is still subject to GDPR. If that data is handled out of compliance anywhere along the supply chain, the company handling the data incorrectly is exposing itself to tremendous fines that can include 20 million euros or 4% of annual global turnover.

Building a supply chain compliance system that is GDPR compliant starts with working with partners you can trust. Avetta is your first step in discovering suppliers, vendors, and contractors that focus on safety, regulation compliance, and certifications.

For more information about Avetta's Contractor Management software, Contractor Prequalification or Supply Chain Risk Management, visit, email [email protected] or call 844.633.3801.
