11 Years Ago Today I Launched This Blog

20/05/2018 23:03 | Share


Procurement Insights Logo

The Blog’s First Banner May 2007


It is hard to believe that this blog was launched 11 years ago today. It doesn’t seem that long of a period, yet in many ways, it feels like a lifetime (in a good sense).

From the early days when I wondered if I would get an echo of interest from what was then a virtual and vast sea of potential readers, to the more than 25,000 who have come to follow me over the years, you have made this a special and worthwhile labor of love.  Because of your loyalty dear readers, and even though I never envisioned writing this blog for 11 years when I started, you have given me both the encouragement and inspiration to contemplate dare I say a possible 20th anniversary.

Thank you,

JWH Signature small


Upgrade Power Distribution to Thermobaric Energetic Materials Processing (TEMP) Facility

18/05/2018 15:34 | Share

Renovation of a military facility in Ralston, Alberta. Completed plans call for the renovation of a military facility. Reference Number 0000091666 Source ID FD.CC.ON.862549.C89872 The work includes, but is not necessarily limited to, the supply of labour, material, supervision and equipment necessary to upgrade the electrical sufficiently to support the existing/new equipment on site in […]

The post Upgrade Power Distribution to Thermobaric Energetic Materials Processing (TEMP) Facility appeared first on

GDPR: What is Required of Processors / Controllers? (Part VII)

17/05/2018 02:53 | Share

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at

In our last article we noted that a key concept under GDPR (with respect to any data that potentially contains data that could identify an individual person) is the difference between a controller and processor, and what requirements are placed on each. Generally speaking, a spend analytics (service) provider will be a processor and may meet the requirements of a controller (and may not). [It all depends upon whether the customer provides them an ability to determine the purpose and/or means of data processing. In most cases, the provider will have some leeway and will be a controller as well.]

So, what does the regulation require of a processor/controller?

The first fundamental change is around where either the controller or the processor is not established within the Union.

In this case, suppliers will need to designate in writing a representative within the European Union.

“The representative shall be mandated to be addressed by supervisory authorities and data subjects for the purposes of the Regulation. Designation of a representative does not absolve controller or processor from legal liabilities”.

Simply, it means if you are outside of the EU, and you process any personal data that originates from within the EU area, you must have a representative within Europe.

This creates a range of issues as it may well imply that any provider that services data from multiple countries may require multiple representatives. It is likely that multiple representatives may be required as each supervisory authority within each European Country may require a representative.

However, given the volume of suppliers that are involved in managing and processing personal data outside of the European Union for EU clients, how well Supervisory Authorities can manage and track these volumes of suppliers is questionable. However, the fundamental shift in the regulation is that legally, suppliers must now declare that presence. If there are data breach problems later, and an investigation is required, it may well generate a much wide range of breach elements. Like unpicking the thread on a sweater, the Supervisory Authority has wide ranging investigative powers.

For those that opt to process or control personal data from the European-Union, the new Regulations contain a suite of additional procedural requirements. We will start to cover these elements in the next article. However, if you are unsure around the legal elements, as we have said on several occasions, we suggest you consult a Legal firm who specialises in the Regulations.

Thanks, Tony.

ISM 2018: The digitization of procurement

15/05/2018 23:51 | Share

NextGen supply chain technologies were front and center at ISM.

Revealed: Spend Matters' 50 Providers to Know in procurement

15/05/2018 23:51 | Share

Spend Matters has unveiled its 2018 list of 50 companies that it says are raising the bar in the pro…

Load more