
Global Supply Chain Compliance with GDPR

By Avetta Marketing
September 19, 2020

By now you have probably heard the acronym GDPR, especially within the context of international business. In summary, the European Union is taking steps to protect the data of individuals and businesses by enacting tough new laws. One of the components of these laws is the General Data Protection Regulation, which will affect any business that offers goods or services to Europe. Supply chains that work with entities in the EU need to ensure that they are meeting the GDPR compliance requirements by the time the laws take effect in May of this year.

Preparing for GDPR

The practices discussed here aren’t meant to be comprehensive, but there are sensible steps to take. The first is knowing exactly what the complete supply chain system looks like. Companies must carry out a full audit of the supply chain to ensure data is being used and safeguarded correctly. With May a little over a month away, effort should be focused on where risk is highest from a data privacy perspective.

Identify what data will be collected, what will be shared, the data’s purpose, how long it can be kept, and what happens to the data at the end of the contract. These specifics should be written into every new supplier contract and added to every existing supplier contract. This would be an excellent time to review supply chain partners’ access to data to ensure they aren’t receiving information they don’t need.

Transparency and accountability are also key elements of GDPR. One of the mandates is that businesses must have a breach log to record and track any data breach – large or small, actual or suspected. While specifics on what details need to be contained in the log haven’t been defined, the best practice is to record as much information as possible. At a minimum, the log should contain when the breach took place, how the breach happened, the response to the breach, and the identities of stakeholders who managed the response. This information will help demonstrate an intent to comply.

It’s important to remember that – among many new rules – GDPR introduces a new accountability principle. This means that a company needs to not only comply but also demonstrate compliance. Comprehensive but proportionate governance measures are required, showing data protection compliance measures have been integrated into data processing activities at all stages.

GDPR Reaches Outside the European Union

All supply chains that extend outside of the EU must handle all data that passes through the EU as if it were still contained within the EU. So, if a supplier collects data from within the EU and then passes that data outside of the EU, that data is still subject to GDPR. If that data is handled out of compliance anywhere along the supply chain, the company handling the data incorrectly is exposing itself to tremendous fines that can include 20 million euros or 4% of annual global turnover.

Building a supply chain compliance system that is GDPR compliant starts with working with partners you can trust. Avetta is your first step in discovering suppliers, vendors, and contractors that focus on safety, regulation compliance, and certifications.

For more information about Avetta's Contractor Management software, Contractor Prequalification or Supply Chain Risk Management, visit, email [email protected] or call 844.633.3801.
