Tag Archives: Contract Management Benefits



The General Data Protection Regulation aims to strengthen the protection of personal data. The current data legislation dates back to 1995 with the Data Protection Directive, which lacks harmony and has not evolved to deal with current uses of data, e.g. marketing. The principles remain the same, but the new policy is meant to update standards to fit today’s technology, which has changed dramatically since 1995. Today, there are 3 billion internet users compared to 16 million 20 years ago, with the rise of social networks. The GDPR affects all businesses operating within the EU: EU companies that process personal data, non-EU companies that offer goods or services to individuals in the EU, and non-EU companies that monitor individuals’ behaviour that takes place in the EU. It will come into effect on May 25th 2018 and we have to make these changes now to ensure that we are compliant.


  • CONSENT : Permission and consent are required to send marketing information. The consent must be unambiguous, informed and freely given. Prior to giving consent, data subjects (the individuals whom particular personal data is about) must be informed of the right to withdraw consent at any time, and it must be easy for them to do so. For children under 16, a parent or guardian must give approval.
  • RIGHTS FOR DATA SUBJECTS : Right to be informed, Right to access, Right to rectification, Right to erasure, Right to restrict processing, Right to data portability, Right to object, Rights in relation to automated decision making.
  • DATA BREACHES : For example, the destruction, loss, alteration, unauthorised disclosure of or access to personal data, or human error. There is a new mandatory obligation to notify data breaches to the regulator ASAP but not later than 72 hours; if notification is not made within 72 hours, a reasoned justification is needed.
  • ADMINISTRATIVE FINES AND COMPENSATION : Under the GDPR, data subjects will have a right to sue and recover material or non-material damages, e.g. loss of personal data, damage to reputation, loss of confidentiality. The current maximum fines are €3000 but GDPR fines are up to €20 million or 4% of turnover.
  • INCREASED TERRITORIAL SCOPE : The policy applies to all companies processing the data of E.U. subjects, regardless of the company’s location.
  • PRIVACY BY DESIGN : Data protection has to be included in the initial system design rather than added later.




1/ AUDIT :

  • You are required to document what personal data you hold, where it came from and who you share it with.
  • It is recommended to conduct an information audit across the organisation or within particular business areas which need to be GDPR compliant.


  • You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  • You should identify the lawful basis for your processing activity in the GDPR, document it and update your notices.


  • You should update your procedure for dealing with subject requests to handle them within the new timescales.
  • You should review how to seek, record and manage consent and whether you need to make any changes.
  • You should also put a system in place to verify individuals’ age and to obtain parental or guardian consent for any data processing activity.
  • Finally you should make sure you have the right procedures in place to detect, report and investigate a personal data breach.


  • After updating the data protection policy, it is important to review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  • They have to be concise and in an easy-to-read format with limited legalese.
  • They must include : identity and contact details of the controller and the Data Protection Officer; purposes and legal basis for the processing; recipients of the personal data; retention periods; details on the right to access to personal data and rectification or deletion of it; right to withdraw consent; …


  • The subject matter and duration of the processing
  • The nature and purpose of the processing
  • The type of personal data and categories of data subject
  • The obligations and rights of the controller


You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure. A Data Protection Officer can be outsourced to assist you in managing your organisation on its journey to becoming GDPR compliant. If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.


  • You should ensure that everybody is aware that the law is changing to the GDPR (mostly decision makers and key people) so they can start identifying areas that could cause compliance issues.
  • You then have to train relevant staff and teach them how GDPR affects their role.



Map the flow of personal data through supply chains. Identify recipients of personal data, including sub-processors. Note where and how the personal data is processed.

Identify existing supplier contracts that involve the processing of personal data and review the data protection provisions.

Consider the organisation’s approach to risk with existing and new contracts in relation to GDPR compliance. The financial risks posed by the regulation may change the risk profile of data processing contracts, necessitating a different approach and data security breaches.

Carry out adequate due diligence on new suppliers to check their GDPR compliance, obtain guarantees regarding the measures that suppliers have in place and ensure there are rights of audit within the contract together with the other mandated data processing provisions.

Check whether existing insurance policies will cover data protection and security breaches including breaches by suppliers.

Check internal systems to ensure that processes are in place to enable the organisation to satisfy the 72-hour breach notification requirement.



For more information : https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ OR https://gdprandyou.ie/organisations

Are you ready for GDPR? Make sure you have not forgotten anything thanks to this MCQ.

You can also consult the Irish Data Protection Authority website.

Pixalert can help you be GDPR compliant by providing software which locates all credit card data and critical data in your network.


To assist you on how to get started and what GDPR means to your business, ISME Skillnet have designed GDPR Preparation training sessions called GDPR Essentials for SMEs specifically aimed at SMEs and business owners.

The first session in this series on Thursday, 15th February in the Clayton Hotel, Liffey Valley, Dublin is already booked out.

Additional sessions will take place in:

The Dun Library, Royal College of Physicians, 6 Kildare Street, Dublin on Wednesday 21st February

Clayton Hotel, Silver Springs, Tivoli, Cork on Tuesday, 6th March

Limerick Strand Hotel, Ennis Road, Limerick on Wednesday 7th March


5 Procurement Recommendations for 2015

Recent industry and media reports indicate that the economy will continue to improve in 2015, while optimism amongst business owners / managers has grown to its highest level since 2008. Higher expectations of business conditions, sales revenues and availability of credit will lead to plans to create more jobs, spend more capital and increase investment across most spend categories within an organisation.


As we migrate from a backdrop of recent economic pressures to the rosier outlook of 2015 and beyond, it is vital that effective procurement practices are not forgotten but instead implemented at every available opportunity. In recent times, most businesses ‘cut their cloth’, drastically reducing overhead costs so as to survive. These practices should continue, to ensure profitability is maximised as the economy grows over the next 12 months.


While considering your Procurement Objectives for 2015, take note of the following cost-saving and value-generating Procurement Recommendations:


  1. Invest time in Effective Contract Management

With expected growth and expansion across most organisations, no better time exists to invest resources in effective contract management. With the arrival of new employees, new customers, new processes, new office/site/store locations, new technologies and new suppliers, it is paramount that contracts are correctly managed to mitigate risks while taking advantage of procurement opportunities. While trawling through complex documents is a time-consuming exercise, the greater visibility and understanding of goods/services bought will lead to significant savings opportunities when armed with accurate information. In its simplest form, effective contract management is priceless when renegotiating contracts with existing suppliers based on larger volumes or while extending favourable contract terms to new locations.


  2. Invest money in New Technologies

Heraclitus was probably talking about Information Technology in c. 500 BC when he said “the Only Thing That Is Constant Is Change”. We are all striving to keep up-to-date with the Internet of Things, Big Data, 3D Printing, the wireless connected world and the explosion of mobile plus wearable devices. Companies are being dragged along on this journey by workforces that are tech-savvy, globally aware and demanding of flexibility in their lives. So whether your IT investments are forced externally (by the likes of Microsoft licenses expiring) or internally by the demanding workforce alluded to above, when investing money in New Technologies in 2015, ensure:


  • Information security, risks and vulnerabilities are addressed by all service providers as transactions will be mobile, remote and over unsecured public networks.

  • Consolidation is key when replacing legacy systems, operations and processes; leading to reduced administration, training, support, vendor management etc.

  • Do not forget the purpose of the IT change. Technology features often distract from the core business so ensure the solution fits your business, enhances your processes while providing greater transparency and business insights than available before.


  3. Invest with Others [Group Buying]

Since the Stone Age, multinational businesses have benefited from central procurement contracts across some (not all) spend categories. With increased buying power, better prices can be negotiated, plus the added benefit of buyer expertise for each category. Similarly, group buying ensures all businesses can be orchestrated into consortia that are responsible for sourcing and managing aggregated contracts on behalf of a discrete group of companies. In fact, this was the first step undertaken by the Office of Government Procurement (OGP) when formed in Ireland in 2013. As with the success of all Procurement activities, ensure quality and performance are paramount as criteria, not just price, when making final selections. The following commodity categories should be considered when Group Buying:


  • Utilities: electricity, gas, oil and telecoms

  • Common Services: training, health & safety, professional services etc.

  • Delivery related purchases: stationery, workwear, H&S products, logistics, document storage etc.

  • Facilities Management: cleaning, security, lift/alarm/fire maintenance, landscaping etc.


  4. Divest from higher cost economies

With economies springing back to pre-2008 statuses, increases in wages, operating costs, prices and inflation will follow. Therefore, when the business case exists, it makes sense to globally source specific products and services from lower cost economies. Undoubtedly significant due diligence needs to be undertaken when sourcing such suppliers but ‘stand on the shoulders of giants’ and utilise the expertise from global online marketplaces, niche third-party sourcing companies plus trade bodies such as Asia Trade Forum, Enterprise Ireland, European Enterprise Network, the Ireland-India Business Association etc.


  5. Avoid investing in long-term energy contracts

Energy prices should be at their lowest point in over a decade after crude oil prices more than halved and wholesale gas prices dropped by 27% in the past year. Driven by a global reduction in demand plus gas producers’ need to relinquish excess Crimea-related stock, energy prices are expected to continue to tumble for the foreseeable future. Businesses throughout the country should be considering variable pricing coupled with shorter-term contracts, to maximise the benefits derived from lower energy prices. We have seen clients’ energy prices drop by 12% in 2014; ensure your business achieves similar discounts in 2015.


Additionally, many companies have prospered by following the advice of Tom Peters, the US management consultant, who encouraged businesses to “do what you do best, outsource the rest”. This unrelenting focus on core competencies provides repeatable and scalable returns for organisations that make that commitment, while outsourcing non-core and distracting activities will drive growth, profitability and success. Have you identified core and non-core activities within your business?


Finally, feel free to share your Procurement Objectives for 2015 with Arvo, as we would be delighted to help you:

  1. Improve the effectiveness of your purchasing capabilities

  2. Reduce the administration associated with your purchasing activities

  3. Enhance your purchasing techniques by introducing world-class eProcurement technology

  4. Identify significant bottom-line savings to drive profitability for your business in 2015