
GDPR and non-EU Spend Analytics Providers … Mortal Peril? (GDPR Part III)

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

While there has been much debate within EU countries around the preparation for GDPR on the 25th of May, the level of knowledge and preparation for those suppliers of analytics platforms and services outside of the EU remains largely an unknown. Controversially, our assessment is that many customers/suppliers will have ignored it and assumed that it doesn’t apply.

If your spend analysis provider is a large, well-known brand name with a global presence, it is highly likely that they will have opted for the binding corporate rules option. This is a complex and intricate process, but it is essentially a means for larger data service/analytics providers to apply to the EU to establish the provision. The supplier submits its BCR application to one of the EU Supervisory bodies (one of the 27 EU members). These are termed Lead Authorities. Once the checks have been completed and the Lead Authority is satisfied with the adequacy of the data privacy safeguards in place, the Lead Authority decision is binding across all Supervisory authorities in other European states. However, as with much European legislation, member states may have additional requirements.

Once Binding Corporate Rules (BCR) status has been achieved:

Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with the 8th data protection principle and Article 25 of Directive 95/46/EC.

However, what of smaller providers? Not so easy – and it can become rapidly more complex.

The EU has two other provisions for managing data that contains personal information – the rule of adequacy and safeguarding.

Not surprisingly (shock) all 27 EU members meet the rule of adequacy. Adequacy is simply defined around the level of protection at national level.

For other countries who are non-EU, the EU will judge this on the national rule of law, respect for human rights and fundamental freedoms, and relevant legislation, both general and sectoral, including public security, defence, national security and criminal law. Simple enough …

Now the bad news. There are only some 11 countries globally that are deemed to meet this level of adequacy. These include Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay. If your spend analysis provider lives in any of these countries – that’s fine. Happy days.

However, what if they don’t? The new Regulation is simple in its objective. The GDPR change removes a controller’s (or data owner’s; we will explain controller and processor in the next few posts) previous ability to transfer personal data outside the EU where this is based only on their own assessment of the adequacy of the protection afforded to personal data. More work to do.

This brings us to the last option – safeguarding.

Safeguarding means just that – can the supplier offer sufficient safeguards with data containing personal information?

However – can the problem be eradicated and the GDPR regulations avoided?

We will cover these areas in the next post. Our advice as always – find a lawyer who understands the regulations and can guide you either as a customer or supplier. If you are in doubt, get advice.

If you breach the regulations – it could get expensive.

Thanks, Tony.

GDPR and Procurement Spend (GDPR Part II)

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

It’s interesting that the more companies you speak to, the less certain you become about whether organizations have truly readied themselves for GDPR.

There are statistics around how companies in general are prepared for GDPR. The focus in most organizations is on the most obvious areas of a business – marketing and customer data. The Regulation is very specific around what is meant by personal data:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Well, spend doesn’t contain personal data … does it?

Be afraid, very afraid — spend data can be packed with personal data.

The Regulation states that in-scope data is:

  • Personal data that is processed wholly or partly by automated means.
  • Personal data that is part of a filing system or intended to be.

The only exclusions are things like immigration checks, police investigation, personal activity and personal data generated by an activity outside of EU Law.

So, should sourcing and procurement be worried? I would say yes.

In most company data sets within the EU there may be:

  • Staff reimbursement data – many companies still pay staff by setting them up as vendors;
  • Purchasing or corporate card data – many companies use an expense manager. Each card will have a name associated with it;
  • Many invoices will have line descriptions with components like consultant names, “James Smith, managing consultant”;
  • Temporary labour – the name of the person, rate and other details may be included in the invoice text.

There may be a lot more personal data across e-procurement and other data sources. Data inventory analysis is designed to identify those elements … assuming that someone has realized that spend data may contain personal information.

However, does it matter? We would say yes. A name in this type of data identifies a person very quickly. We even know who James Smith, our consultant, works for. Vendor name of course.

If you are not moving the data outside of your own environment (within the EU), the risk is reduced – but there are several elements to consider. However, if you have a spend analysis provider outside of the EU then the problems are suddenly more acute. Our guess is that many of the larger analytics providers will have scrutinized the Regulation and accommodated the required changes already.

For many smaller providers that service European clients from outside of the EU, recognition of the legislation complexities may not have even started.

The Regulation goes live in under a month. The question is – do European clients and analytics providers both inside and external to Europe have the right level of compliance – and understanding of the obligations? They aren’t optional either.

If you are an EU company, perhaps it’s time you asked your provider.

In the next article we will look at some of the complexities of spend data that sits in the GDPR domain. Part of the reason the GDPR legislation has been introduced is to fundamentally change how personal data is managed.

This isn’t a “nodding dog” legislative change – of that there is little or no doubt.

Thanks, Tony.

GDPR – who cares?

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

The countdown has begun!

On the 25th May 2018, the European Union GDPR (General Data Protection Regulation) goes live. However, it is unlikely to be introduced with fireworks or an Olympic sized ceremony.

All 27 European members will have a GDPR supervisory body implementing on that day. As it’s an EU Regulation it has zero capacity for change in member countries. For those hoping that Brexit may dilute the Regulation – think again. This is one Regulation that governments are unlikely to attempt to repeal or amend in the short term.

Elizabeth Denham, Commissioner of the UK-based Information Commissioner’s Office (ICO), said in a speech in 2017: “There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone”.

Like many legal changes of this size, GDPR has spawned a whole new range of enterprises and commercial activity to help organisations manage the change within the EU. However, will it have much impact on day-to-day business – and is anyone doing much about the impending change? UK Government:

Figures from the end of 2017 showed that more than 44% of employers were not aware of the GDPR, while a government study in January 2018 revealed that only 25% of businesses which had heard of the regulation had made any changes to their operations. (Source: Business Matters)

The ICO in the United Kingdom is certainly preparing for the implementation of the Regulations. A cursory glance on the job boards reveals a constant stream of recruiting advertisements for staff.

Clearly, they are being resourced for the change – and see work to be done. The UK ICO is clearly committed to ensuring compliance.

However, what is more alarming than the statistics on UK preparation is that many suppliers outside of the EU are going to be directly impacted by the legislation. It is likely that many suppliers will have little or no cognizance of the impact of this change.

The fines for a breach can be staggering. For companies outside of the EU, their geographical location may mean little in litigation evasion terms. It may also exert direct pressure on supplier contracts if they seek to provide goods or services into the EU that involve privacy data. Elizabeth Denham’s quote implies everyone.

It may also change the competitive landscape, as those suppliers outside of the EU who provision for the GDPR may be perceived as a risk-reduced implementation option.

What do we think will happen? Maybe something, maybe nothing. If we could predict with any accuracy – we would become wealthy overnight.

Over a series of simple posts, we will look at some of the core building blocks of the Regulation and perhaps point out where sourcing professionals need to stop and think about their own operations. We would also suggest that no one wants to become the precedent case for a breach.

Like many elements of business, we aren’t a legal firm – our advice is that if you think you are going to be impacted by GDPR – we strongly recommend that you seek appropriate legal advice.

Thanks, Tony.

Training a Procurement Team

Special thanks to Charles Dominick, SPSM3 of the Next Level Purchasing Association for this guest post.

In the previous post of this series, I covered how to determine the competencies in which each of your procurement team members should be trained. Today, I will cover the options for procurement training.

Specifically, I’ll cover the advantages and disadvantages of these five options:

  1. Internal Training
  2. On-Site Seminars
  3. Conferences
  4. Online Courses
  5. Certification Programs

Let’s begin …

Internal Training

Internal procurement training is when seasoned members of a procurement team provide classroom-style instruction to less senior members of the team.

Advantages: The main advantage of an internal training approach is that the training can be customized to be laser-focused on the issues specific to the organization. Also, no travel is required, making internal training convenient and low cost.

Disadvantages: There are many disadvantages to internal training. First, just because someone is a good procurement professional doesn’t mean they will be a good trainer. They are two separate professions. And it can be painful to listen to a less-than-expert public speaker drone on for hours at a time. Second, a valuable outcome of training is being exposed to new ideas that can be adapted to the organization. Internal training does not provide for such new ideas. Third, preparing a training event is more time consuming than many non-trainers think. When a procurement professional is spending hours upon hours preparing for training, they are not doing what they were hired to do: deliver value through excellent procurement performance. Fourth, taking an entire procurement team away from its regular duties to sit together at the same time in a classroom could lead to delays or disruptions in business operations.

On-Site Seminars

Holding on-site seminars involves hiring a trainer to deliver live training right at the facility where the procurement team works.

Advantages: Like internal training, on-site seminars do not require the staff to travel, offering convenience. But, unlike internal training, on-site seminars are conducted by expert trainers, which makes a high quality training experience much more likely.

Disadvantages: Like internal training, taking an entire procurement team away from its regular duties to sit together at the same time in a classroom could lead to delays or disruptions in business operations. Also, not all on-site trainers are available for questions after their time on-site is over. Finally, if you want the best trainer in the country or world — not just the best local trainer — it can be expensive as you will have to pay the speaker’s fee and his/her travel expenses.

Conferences

Conferences bring together procurement professionals from multiple organizations and multiple geographies, exposing them to a wide variety of educational sessions and providing them with networking opportunities.

Advantages: Attending conferences is a great way to be exposed to a wide variety of new ideas in a very compressed period of time. The opportunity to network with ambitious procurement peers is a benefit that is arguably just as important as the education.

Disadvantages: Sometimes, conferences have such a variety of topics presented that you don’t get as deep an education in one topic as you’d like. Also, having to be out of the office for two, three or more days is difficult for some procurement professionals.

Online Courses

Online courses provide procurement professionals with on-demand access to educational content. Learners access these courses via computers or mobile devices.

Advantages: This option removes the geographic and time-related barriers to learning from the best procurement training organizations. Procurement professionals can participate on their own and progress at their own pace. Questions can be asked at the time answers are needed most — when learned techniques are being implemented. The education can be consumed in small increments, serving as less of a distraction from normal business activities.

Disadvantages: Unlike conferences, where face-to-face networking is a top benefit, the benefits of online courses are more education-related.

Certification Programs

Certification programs take education to the next level by awarding a credential after the successful completion of training and testing.

Advantages: While many procurement leaders struggle to figure out the best topics on which their teams should be trained, certification programs are based on years of already determining that, providing a turnkey plan for procurement staff education. By successfully completing a certification program, a procurement professional will be awarded the privilege of using a credential — like SPSM — after his or her name. Credentials help procurement professionals prove their value and generate respect among peers, management, internal customers and suppliers.

Disadvantages: The best certification programs are designed to confirm that the best and brightest procurement professionals are, well, the best and the brightest. That means they may be too challenging for lesser performers.

As you can see, procurement professionals have a lot of options for training. The good news is that all of these options have merit. Any time that there are a lot of options, there is a chance of being overwhelmed and getting wrapped up in “paralysis by analysis.” My advice is to choose at least one option every year. Because when it comes to activities designed to increase your procurement knowledge, doing something is always better than doing nothing.

Assessing A Procurement Team’s Skills

Special thanks to Charles Dominick, SPSM3 of the Next Level Purchasing Association for this guest post.

You have a procurement team. It isn’t performing quite as well as you’d like.

You instinctively know that there have to be mismatches between the skill levels required for each position and the skill levels possessed by the occupants of those positions. You know action is required. But you can’t exactly put your finger on a way to solve the problems that are preventing you from maximizing procurement performance.

Where do you start?

Well, you can’t solve a problem unless you identify it. And you can’t effectively go to war without knowing what weapons you have. So, at this point, you need to assess the skills of each member of your procurement team.

Now, conducting a world-class procurement skills assessment is a pretty involved process. For the brevity required by a blog post, we will have to cover some parts of the process by simply stating what tasks need to be done and not necessarily how to do them. For example, before you assess procurement skills, you need to determine which competencies are required to achieve organizational goals. That’s an hour-long seminar in and of itself. Let’s assume that you already know what competencies are required for success and, therefore, what skills you need to assess. There are many options for assessing procurement skills, so we will spend more time on that process.

There are three ways of assessing procurement skills. The following is an excerpt from a Next Level Purchasing Association white paper entitled, “The Procurement Leader’s Guide To A More Successful Team: Seven Steps For Improving Skills & Getting Better Results.”

Skill Assessment Method A — Self-Assessment

One commonly used approach is to have each team member complete a self-assessment. For example, you may list your desired competencies and ask each staff member whether their skill levels in that competency are high, moderate or low. While this can get the job done quickly, it is not likely to be accurate.

First, the assessment is inherently subjective. Any skills assessment should be able to challenge a skill level claim with the questions “according to whom?” and “compared to what standard?” The answer to these questions for this method would be “according to the individual” and “compared to that individual’s opinion,” respectively. Not the strongest benchmarks.

Second, there is a risk that a self-assessment might be completed defensively. Individuals may feel that the reason for the assessment is to identify candidates to be downsized or to award promotions or raises. Therefore, individuals may rate their skills higher than they truly are in order to avoid punitive measures or to achieve rewards. Attitudes of individuals in these situations may be characterized by statements such as “If I don’t recognize my skills, how can I expect others to recognize them?” and “If they knew my real skill levels, they wouldn’t be asking me to do this self-assessment, so why be modest?”

Skills Assessment Method B — Manager Assessment

Another approach is to either

(i) begin with a self-assessment and validate it with a manager’s review and update of that assessment or

(ii) to simply have the manager assess each staff member’s skill levels independently.

Of course, this approach is still subjective and “inside the box.” An internal assessment does not compare skills with best-in-class procurement professionals — it compares them with internal expectations, which often can drift to one of two extremes:

(i) the current team has inadequate skills or

(ii) the current team has been here a long time and the team members know their jobs inside and out.

When it comes to mastering all aspects of procurement, you should always lean towards the mantra of “We don’t know what we don’t know.”

Skills Assessment Method C — Third-Party Assessment

Yet another approach is to have the skills assessment performed by a third party. A third-party assessment can provide the most objective data. And you may be surprised that, depending on the provider, you can have a procurement skills assessment performed at little to no cost and little effort.

Regardless of the method chosen, you need to have an idea of at least two tiers of skill level in each competency: acceptable and unacceptable. A graduated measurement with data between these two tiers is better, but you must at least know the demarcation point between acceptable and unacceptable.

Using Assessment Results

Once you have assessed the procurement team’s skills, you need to do a gap analysis. Again, that’s one of those things that I could write on and on about. I’ll simplify it by saying you’ll document which team members lack adequate skills in which competencies.

Once you have your skill gap analysis, you can then develop a roadmap for training in order to close those gaps. That topic deserves plenty of attention, so I will dedicate my next guest post to that topic.

Stay tuned!

Thanks, Charles.