Embedding Data Protection Compliance into the Supplier Procurement Process

We worked with a Government agency to ensure that data protection compliance considerations were considered in their procurement process. We had to consider that the agency would procure products and services from a diverse supplier base. This required a robust process that could be flexible enough to apply to complex projects involving outsourcing high risk processing activities and to small suppliers who were providing services that carried negligible processing risks. We built a due diligence process that ensures the appropriate level of due diligence is applied and does not prevent smaller suppliers from engaging on the agency contracts while ensuring all compliance considerations are taken into account.