Approximately 570 million procurement contracts in the UK remain non-compliant to new General Data Protection Regulations (GDPR), resulting in a potential £300bn worth of fines.
That's according to Cheshire-based procurement advisory firm, Odesma, which has today warned that, unless organisations act quickly, they will not meet the new requirements ahead of the May 25th deadline.
With up to one million procurement and supply chain businesses in the UK currently falling foul of the new guidelines, Odesma has launched a professional solution to help deliver compliant contracts within the next four months.
The service, named The Contracts Factory, handles all GDPR contract compliance to ensure that companies not only have a system in place for new contracts to adhere to, but that deals with thousands of existing contracts also comply.
Nick Ford, Executive Director of Odesma, explained: "Though many businesses have begun the journey to compliance, GDPR presents a challenge to procurement, with a number of external supplier interactions needed and the whole transactional process to navigate - all of which need to be managed and controlled in a tightly structured manner.
"Having spent the past two years working with procurement and supply chain teams to deliver GDPR-compliant programmes, we've developed a unique understanding of what is needed to achieve the right level of compliance. The process is complex and time-consuming, and when you consider that some companies will be dealing with 2,000 contracts or more, the task can become overwhelming.
"We developed The Contracts Factory to ease that legal burden and remove the pressure from already stretched procurement and supply chain teams.
Our experience means we can manage the whole process much more efficiently than the organisation could alone. We're working with hundreds of businesses already and expect demand to substantially increase the closer we get to the May deadline."
The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union. For procurement, the regulation will affect every contract that is still live and has an element of data that needs protection, for example data identifying an individual or company.
Nick concluded: "GDPR is a complex and serious legal concern that should be considered at boardroom level. While contract authoring software and compliance checking software are important factors, a more specific solution - such as The Contracts Factory - is required if businesses are to meet their legal obligations and avoid the severe financial penalties and reputational damage that could come from non-compliance."
Simply finding and retrieving contracts can be time consuming - they may be years old, there may be duplicates, some will be on paper and others will be on email.
Then the process of gaining compliance adds to the challenge, and requires a highly structured process that can identify relevant contracts, specify the clauses or deeds that need to be added, analyse them and send them to suppliers for sign off. Once all of this has been achieved, amendments must be legally bound before full compliance is achieved.
A specialist team of 10 would typically take around three months to get a company and its contracts to full GDPR compliance, emphasising the significance of the task ahead. The Contracts Factory is currently handling hundreds of contracts per week with dedicated resources for each assignment, however, with significant scalable capacity, this is expected to grow to thousands of contracts per week.