Assessing your supply chain is more important now than ever, particularly as we rely so much on international suppliers and distributors as well as physical and digital supply chains. We have learned to address issues in the supply chain, such as bribery, competition, modern slavery, and intellectual property; however, more recently we have had to consider geopolitical issues, import and export controls, and other compliance and ethics issues.
Europe has, of course, had the General Data Protection Regulation (GDPR) in force for nearly five years. Among other things, it places a liability on data controllers to contractually control their processors and subprocessors through the chain that uses, shares, and transfers personal data. Articles 24, 28, and 32 of the GDPR deal with responsibilities of data controllers, data processors, and data security measures. Add to this the new Digital Markets Act and the Digital Services Act, which place duties on large suppliers of digital services to manage their legal and ethical obligations.