British supply chain businesses face £300bn in fines as GDPR deadline looms

By James Henderson
Approximately 570mn procurement contracts in the UK remain non-compliant to new General Data Protection Regulations (GDPR), resulting in a potential £3...

Approximately 570mn procurement contracts in the UK remain non-compliant to new General Data Protection Regulations (GDPR), resulting in a potential £300bn worth of fines.

That’s according to Cheshire-based procurement advisory firm, Odesma, which has today warned that, unless organisations act quickly, they will not meet the new requirements ahead of the May 25th deadline.

With up to one million procurement and supply chain businesses in the UK currently falling foul of the new guidelines, Odesma has launched a professional solution to help deliver compliant contracts within the next four months.

The service, named The Contracts Factory, handles all GDPR contract compliance to ensure that companies not only have a system in place for new contracts to adhere to, but that deals with thousands of existing contracts which also need to comply.

Nick Ford, Executive Director of Odesma, explained: “Though many businesses have begun the journey to compliance, GDPR presents a challenge to procurement, with a number of external supplier interactions needed and the whole transactional process to navigate – all of which need to be managed and controlled in a tightly structured manner.

"Having spent the past two years working with procurement and supply chain teams to deliver GDPR-compliant programmes, we’ve developed a unique understanding of what is needed to achieve the right level of compliance. The process is complex and time-consuming, and when you consider that some companies will be dealing with 2,000 contracts or more, the task can become overwhelming.


“We developed The Contracts Factory to ease that legal burden and remove the pressure from already stretched procurement and supply chain teams. Our experience means we can manage the whole process much more efficiently than the organisation could alone. We’re working with hundreds of businesses already and expect demand to substantially increase the closer we get to the May deadline.”

The GDPR regulations are intended to strengthen and unify data protection for all individuals within the European Union. For procurement, the regulation will affect every contract that is still live and has an element of data that needs protection, for example data identifying an individual or company.

Ford added: “GDPR is a complex and serious legal concern that should be considered at boardroom level. While contract authoring software and compliance checking software are important factors, a more specific solution – such as The Contracts Factory - is required if businesses are to meet their legal obligations and avoid the severe financial penalties and reputational damage that could come from non-compliance.”

Simply finding and retrieving contracts can be time consuming – they may be years old, there may be duplicates, some will be on paper and others will be on email, according to Odesma Then the process of gaining compliance adds to the challenge, and requires a highly structured process that can identify relevant contracts, specify the clauses or deeds that need to be added, analyse them and send them to suppliers for sign off. Once all of this has been achieved, amendments must be legally bound before full compliance is achieved.

A specialist team of 10 would typically take around three months to get a company and its contracts to full GDPR compliance, emphasising the significance of the task ahead.


Featured Articles

Disruptive supply chain tech for 2023 - FourKites

Delbert Cope, CTO at supply chain visibility platform FourKites, on the tech likely to have the biggest impact for supply professionals in 2023

Blockchain strengthening links in supply chain

Though use of blockchain solutions in supply chain is still relatively low, Tech Mahindra is among pioneers driving its adoption

Earthquake tech inspired Partsch to invent SCM in 1970s

In the late 1970s, physicist Dr Wolfgang Partsch - the father of supply chain management - used science as the basis for his revolutionary concept of SCM

SaaS bloat 'hitting procurement bottom lines'

Digital Supply Chain

Cold chain logistics 'flying blind' - Tive & FreightWaves


Logistics innovation 'hampered by C-suite, cash & staffing'

Digital Supply Chain