Morocco: National Commission for the Protection of Personal Data adopted Deliberation No. 98-AU-2015 establishing the model authorisation request for the processing of personal data in the context of supplier management

On 12 June 2015, the National Commission for the Protection of Personal Data (CNDP) issued Deliberation No. 98-AU-2015 establishing the model authorisation request for the processing of personal data in the context of supplier management. The deliberation outlines guidelines for processing the personal data of both individual suppliers and representatives of corporate suppliers, encompassing data collection parameters, retention periods, access rights, security measures, and notification requirements. The deliberation specifies nine permitted processing purposes, including tender management, order processing, supplier accounting, payment administration, and commercial information exchange, whilst mandating that data controllers implement appropriate security measures, inform data subjects of their rights, and obtain CNDP authorisation for any cross-border data transfers or interconnection with other databases having different primary purposes.