Relatively few businesses currently (as at the start of 2018) produce data protection information notices for supplier personnel. Nonetheless, businesses often act as data controllers with respect to the personal data of such personnel. Under data protection law, data controllers are obliged to provide to information about processing activities to data subjects. The provision of that information to supplier personnel is the basic function of this notice.
This notice reflects the specific requirements of the General Data Protection Regulation (GDPR). In addition, this document was designed with one eye upon the relevant regulatory guidance from the EU and UK authorities.
With the GDPR coming into force, businesses inside and outside the European Union are investing heavily in improving their data protection compliance profiles. Accordingly, we expect this type of information notice will become more common in the future.