Remember these key messages and tips to help minimise the risk of your procurement experiencing a data or privacy breach:
Value your DataFrom the outset, think about the value of the data that your supplier will collect or have access to during the arrangement. This will enable you to determine the appropriate information handling and privacy requirements you'll need.
Choose the Right SupplierEnsure that your information handling and privacy requirements are part of your sourcing plan and clearly set out in your market facing documents. Award a contract to a supplier who can demonstrate a good track record of understanding and implementing privacy and data security.
One size does not fit allYour risk management strategy needs to be proportionate and tailored to the size and activity of your procurement. Data heavy supply arrangements may need to consider additional protections, including how information will be managed when a supplier transitions out.
Monitor your supplier's performance against the contractThe words in the agreement are important, but ongoing contract management is necessary for early detection of possible data and privacy breaches.
If you'd like assistance on managing your suppliers to meet your information handling obligations, please contact: