Skip to content

GDPR in the purchasing department

GDPR in the purchasing department – preparing the company

GDPR is a popular name for the General Data Protection Regulation. The implementation of the GDPR by many experts is referred to as the revolution in the management of personal data in enterprises.

It’s not even about the amount of penalties that entrepreneurs may be charged after the amended law comes into force – although these are very high and can amount to as much as 4% of annual revenue or EUR 20 million! – but also about the scope of changes in everyday functioning that Polish companies must implement.

GDPR in the purchasing department?

Available publications dealing with the subject matter of the Regulation very often describe its impact on sales, marketing, HR and payroll departments. However, it is worth remembering that the GDPR applies to all areas of the company’s operations. Therefore, when taking actions, you shouldn’t omit the purchasing department and the supply chain management area.

Therefore, all actions undertaken such as:
• audit of personal data processed so far,
• control of received and held consents to data processing,
• analysis of contracts with suppliers,
• implementation of new data administration policies,
should also apply to purchasing processes.

It is worth remembering that GDPR is not a one-off event – it will not end on the day of its entry into force, ie on May 25, 2018. As part of the amended law, the protection of personal data will be an ongoing process. This means that you need to regularly monitor the effectiveness of the implemented policies and tools.

At Eveneum, we help clients prepare for the GDPR. We also design top-class data monitoring programs that avoid problems on the day of implementation as well as in the future. Feel free to contact us!