Personal data protection for suppliers

RGPD with our suppliers

Applicable from May 25, 2018 to the whole of the European Union, the General Data Protection Regulation (GDPR) strengthens the rights of European residents over their data and makes all players handling this data (data controllers and processors) accountable, whether or not they are established within the European Union. The regulation imposes specific obligations on processors, who may be held liable in the event of non-compliance.

La CNIL , extract from the subcontractor's guide

Any principal who calls on a subcontractor must ensure that the latter presents sufficient guarantees regarding compliance with the General Data Protection Regulation (RGPD). Contracts signed with our suppliers involving the processing of personal data must therefore include RGPD clauses.

The clauses used by EDF aim to comply with the RGPD in a balanced way for both parties to the contract. These clauses are available in the CGA and CPA templates accompanying our purchasing consultations in the Purchasing Portal.

Consult CGA and CPA on the Purchasing Portal (nouvelle fenêtre)

DCP information concerning our suppliers' representatives

As part of the principle of transparency carried by the RGPD, representatives of our suppliers will find in the document below, the mentions allowing them to know the processing of personal data operated by the various EDF entities with regard to the use of their data, in the context of our contractual relationship.

The processing operations, the associated legal bases, the categories of personal data processed, the recipients of the data, the retention periods and the procedures for exercising the rights of the persons concerned are specified, as well as the contacts of the various EDF entities.