GDPR and the Tendering process - MLP Law

GDPR and the Tendering process

  • Employment Law
  • 24th Apr 2018

The new data protection regulations, or GDPR as it is most commonly known, comes into force on 25 May 2018. The new rules have introduced heightened processes which every business must undergo when handling and processing personal data. The latest challenge for businesses is to the consider the ramification if they are not complying with […]

By Stephen Attree

MLP Law

The new data protection regulations, or GDPR as it is most commonly known, comes into force on 25 May 2018. The new rules have introduced heightened processes which every business must undergo when handling and processing personal data.

The latest challenge for businesses is to the consider the ramification if they are not complying with the new regulations. The fines imposed and reputational damage caused by not complying are significant. As such, organisations are looking at their supply chains in order to protect themselves. Controllers are liability for their compliance with GDPR and will only appoint processors who can provide sufficient guarantees that the requirements of the GDPR will be met and the rights of data subjects protected.

Many public and private tenders are increasingly asking suppliers if they are GDPR compliant. We’re becoming more aware of scenarios such as this, especially in the construction industry. Businesses are being asked:

  1. if they are GDPR compliant;
  2. if they are maintaining Data Processing Records; and
  3. whether their standard contract terms include the new GDPR mandatory provisions.

It is not going to be satisfactory to simply answer yes. In order to get through the tender process, you need to show you are being complaint and provide evidence. Ensure your future tendering efforts don’t go to waste merely by a lack of GDPR compliance. It will be good practice to ensure your business compliant with GDPR, regardless, in the event of an ICO audit being carried out on your business.

When a data controller uses a processor, it needs to have a written contract, or a Processor Agreement, in place so that both parties understand their responsibilities and liabilities. A Processor Agreement will also help increase data subjects’ confidence in the handling of their personal data.

If you would like to contact someone from the Employment team about any of the issues in this blog, please email employment@mlplaw.co.uk. Alternatively, please call 0161 926 9969.

Don’t forget to follow us on Twitter @HRGuruUK for important updates and news.

 

 

About the expert

Stephen Attree

Managing Partner

Stephen is the Owner of MLP Law and leads our Commercial, IP and Dispute Resolution teams which provide advice on all aspects of the law relating to mergers, acquisitions, financing, re-structuring, complex commercial contracts, standard trading terms, share options, shareholder and partnership agreements, commercial dispute resolution, joint venture and partnering arrangements, IT and Technology law, Intellectual Property, EU and competition law, Brexit and GDPR.

Areas of expertise

Interested in working with Stephen?

Let’s start by getting to know you and your business - either on the phone or in person. Complete the form below and we’ll be in touch shortly.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.