Embedding Data Protection Compliance into the Supplier Procurement Process

Category: Data Transfer Management / Accountability

Customer: Government Agency

We worked with a Government agency to ensure that data protection compliance considerations were considered in their procurement process. We had to consider that the agency would procure products and services from a diverse supplier base. This required a robust process that could be flexible enough to apply to complex projects involving outsourcing high risk processing activities and to small suppliers who were providing services that carried negligible processing risks. We built a due diligence process that ensures the appropriate level of due diligence is applied and does not prevent smaller suppliers from engaging on the agency contracts while ensuring all compliance considerations are taken into account.

Join Our Newsletter

Sign-up to receive news and information from Fort Privacy

Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information

Ode to DPO’s managing GDPR risk

27 June 2023

The General Data Protection Regulation is “risk” based legislation.  This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities.  It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.

Get your head above the crowd and KPI your Data Protection Programme

03 March 2023

Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.

Scroll to top