Suppliers are important players in consolidating a business, representing a very beneficial alliance for commerce. However, certain precautions must be taken before hiring a supplier or undertaking the provision of goods or services to company X. After all, with the LGPD (Brazilian General Data Protection Law), there can be consequences for misconduct by suppliers.
Can companies share data with suppliers?
Yes, as long as it is for legitimate and explicit purposes for everyone. Precisely because of this possibility, it is important that the supplier complies with data privacy laws and handles data securely, consciously, appropriately, and ethically. In Brazil, suppliers must comply with the LGPD, the General Data Protection Law.
It's worth noting that data sharing with suppliers should be known to customers who have created a registration with your company. Most of the time, this type of information can be found in... privacy policyIn addition to mentioning that data is being shared, the designation and motivation behind sharing it with operators should also be public.
Examples of situations where data is shared between suppliers.
To cite two recurring events, we mention examples from logistics and customer service, so that you can better understand the use of personal data in the company-supplier relationship.
The logistics service requires personal information, such as address and name, to to carry out the delivery For the person who placed the order.
On the other hand, there are also customer support services, where a person's contact information is shared so that support can contact them directly. Information such as purchase history can be accessed.
There is also information shared directly with digital platforms. Among the service models that stand out are: payment, digital marketing, recruitment, data analysis, hosting, among others.
How can I choose my supplier?
If the supplier you've chosen experiences a data breach, or intentionally leaks data, the consequences are serious for your business.
If any damage occurs as a result of a supplier's data breach, you will be held responsible. Your company and suppliers may face fines under the LGPD (Brazilian General Data Protection Law) or lawsuits filed by those affected.
Therefore, it's pointless to have an extremely well-equipped data system with the best technologies on the market and trained employees if the data you share is in the hands of suppliers who don't undergo the same protection process or, at least, similar conditions.
Furthermore, your reputation and that of the supplier are at stake. Knowing about the data breach will result in a wave of data deletion requests, and your customers will have the wise option of switching to another business if necessary.
When it comes to data protection, it's a relationship between controllers and processors, who don't always address the issue of privacy as much as they should.
