The General Data Protection Regulation (GDPR) is an EU regulation that provides a set of standardised data protection laws which are designed to protect the personal data and privacy of individuals within the European Union. As a part of this regulation, procurement practices must ensure that any data they process is done so in a way that complies with GDPR’s seven principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality. In addition, organisations must also establish procedures for responding to individuals’ rights requests such as access, rectification and erasure. By adhering to these laws, companies can guarantee that their data processing activities remain secure and compliant.
Want to find out more about procurement?
Access more blogs, articles and FAQ's relating to procurement