Data Protection in the Public Procurement Process

Transparency is one of the fundamental principles in public procurement. At the same time, the General Data Protection Regulation (GDPR) requires all operators, whether public or private, to respect privacy and data protection. The study starts from the premise of avoiding sanctions and of complying with the obligations of the contracting authority by knowing the hierarchy of values protected by the regulations in force. An important role in ensuring compliance with the law is to correlate the activity of the data protection officer with the procurement department. The stages of the public procurement procedure will be analyzed in the most relevant aspects, from the publication in the Electronic Public Procurement System and the management of personal data submitted by bidders in the procurement procedures until the publication of the results. We will observe whether data protection can become an award criterion and the influence of bidding data breaches in procurement procedures. A sensitive issue is the protection of data transferred outside the European Union and, from the point of view of competition law, the consequences of the associations, and we will finally discuss some aspects regarding the corrective measures that the data protection authority may impose.