Supply chain management and CSRD

The Corporate Sustainability Reporting Directive is shining a light on supply chain transparency. What does your business need to know about sustainability in its supply chain now?

The Corporate Sustainability Reporting Directive (CSRD) is an ESG (environmental, social and governance) standard enacted by the EU. It is designed to make corporate sustainability reporting more common, consistent and standardised, like financial accounting and reporting.

The first companies will have to report under CSRD soon. The directive has come into force, and the deadline for EU member states to transpose it into national law was July 6th. (That deadline does not seem to concern most EU member states, though: only a few have completed the legislative process.)

Still, CSRD dramatically extends the scope of sustainability reporting requirements to tens of thousands of additional companies, including all large companies and all listed companies. CSRD also applies to large companies outside the EU that have an EU subsidiary which meets the criteria. It is estimated that the number of companies required to report will increase from around 11,000 under NFRD to nearly 50,000 under CSRD.

Supply chain due diligence and CSRD

CSRD places increased emphasis on supply chain transparency and due diligence. Organisations will be required to disclose information on their supply chains, including environmental and social risks and impacts.

CSRD broadens who must report, standardises what they report and expands the scope of reporting to include the full value chain. While it will reduce the noise of multiple reporting frameworks and help companies focus, it will also require companies to do things they haven’t thought about and put pressure on them to increase transparency and accountability.

Is CSRD a big deal for supply chain sustainability?

Yes. CSRD requires all large and listed companies to publish regular reports on the social and environmental risks they face, and on how their activities impact people and the environment. It aims to help investors, consumers, policymakers and other stakeholders evaluate non-financial performance and encourage a more responsible approach to business.

One of CSRD’s main innovations is placing a company’s value chain at the centre. Unlike other sustainability legislation that focused on a company’s own footprint, CSRD extends to the supply chain. This is not surprising, given that most of a company’s impact and risk lie within its supply chain. But it means that organisations must now take responsibility for their suppliers.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
