Vendor Centric Blog

GDPR 101 and its Impact on Vendor Management

June 14, 2018


With the new General Data Protection Regulation (GDPR) in effect, companies across the globe are attempting to discern whether the new law applies to their business, and if so, how they can become compliant so as to avoid any potential fees.

As usual, massive regulation is yielding little guidance. To shed some light on this issue and get to the bottom of the newly enacted laws, Vendor Centric CEO Tom Rogers interviewed Alan Tilles, Partner at the law firm Shulman Rogers. Alan is an expert in data privacy and telecommunications law, and has been helping businesses across the U.S. get compliant with the GDPR.

Here are a few of the highlights from the interview.


  • GDPR is intended to give the owner of private information (PI) the right over who has access to it, as well as the right to be promptly notified if it was breached. It became effective May 25, 2018. 

  • Many, if not most, U.S.-based establishments need to be compliant with GDPR. Even if you think you don’t conduct any business in Europe, Alan suggests you ask yourself these four questions before you ignore it completely:

    • Do you take credit cards?

    • Do you not restrict who you take credit cards from? 

    • Do you do business with non-U.S. citizens?

    • Do you have a mailing list?

  • There are significant penalties for noncompliance. Some of the sanctions that can be imposed on companies include a fine of up to 10 million euros, or 2% of annual worldwide turnover of the preceding financial year, whichever is greater; or up to 20 million euros or 4% if infringement of other provisions occurs.

  • Alan advises starting simple: update the privacy notices on your website. One of the changes in GDPR is that website privacy notices must be more informative and be stated in plain English.

  • One other key point noted was that companies need to ensure certain vendors are complying with these regulations too.  “If vendors are doing things like processing credit cards or creating mail lists for you, it’s your responsibility to ensure that they are complying on your behalf.”

Listen to the full interview with Alan Tilles in our podcast titled, “GDPR and Vendor Management: Rethinking Privacy.”


Vendor Centric is your one-stop-shop for vendor management. We take a best practice approach to delivering our consulting, software and managed services.  Learn more about our Vendor Management Framework, and how you can adopt a best practice approach to managing risks, costs and compliance with your vendors too.


Copyright © 2018 Vendor Centric. All rights reserved.