Businesses face £300bn in fines as GDPR deadline looms
About 570 million procurement contracts in the UK remain non-compliant to new General Data Protection Regulations (GDPR), resulting in a potential £300bn worth of fines.
This is according to Cheshire-based procurement advisory firm, Odesma, which has warned that, unless organisations act quickly, they will not meet the new requirements ahead of the May 25 deadline.
With up to one million procurement and supply chain businesses in the UK currently falling foul of the new guidelines, Odesma has launched a professional solution to help deliver compliant contracts within the next four months.
The service, named The Contracts Factory, handles all GDPR contract compliance to ensure that companies not only have a system in place for new contracts to adhere to, but that deals with thousands of existing contracts which also need to comply.
Nick Ford, executive director of Odesma, explained: “Though many businesses have begun the journey to compliance, GDPR presents a challenge to procurement, with a number of external supplier interactions needed and the whole transactional process to navigate – all of which need to be managed and controlled in a tightly structured manner.
“Having spent the past two years working with procurement and supply chain teams to deliver GDPR-compliant programmes, we’ve developed a unique understanding of what is needed to achieve the right level of compliance. The process is complex and time-consuming, and when you consider that some companies will be dealing with 2,000 contracts or more, the task can become overwhelming.
“We developed The Contracts Factory to ease that legal burden and remove the pressure from already stretched procurement and supply chain teams. Our experience means we can manage the whole process much more efficiently than the organisation could alone. We’re working with hundreds of businesses already and expect demand to substantially increase the closer we get to the May deadline.”
The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union. For procurement, the regulation will affect every contract that is still live and has an element of data that needs protection, for example data identifying an individual or company.