In the latest briefing "GDPR and consumer business supply chains" in our Future of Consumer series, we examine how GDPR regulatory requirements with respect to data are resulting in commercial scrutiny of privacy provisions in supply chains as parties try to ensure that they are not left with a data liability gap. Further, where customer data analytics are being used to derive value, thorough due diligence will be needed throughout the supply chain together with robust data protection mechanisms.
In our Future of Consumer series, we have previously explored how supply chain management is business critical in the consumer goods and retail sectors. Good management ensures that the right goods and ingredients get to market when they are freshest, when there is demand, in time for any promotions, and at the lowest cost. However, supply chains are also often engaged in relation to the processing of consumer data, including consumer preferences, purchasing history, financial and credit card details, and data analytics.
In a world where data is fast becoming a company's most valuable asset, engaging a service provider to process personal data on behalf of a company is commonplace. However, since 25 May 2018, the advent of the EU General Data Protection Regulation ("GDPR") has triggered specified regulatory requirements with respect to any commercial agreement involving the processing of personal data.
Previous editions of Herbert Smith Freehills' Future of Consumer series can be found here.