Why You May Need a Manual Vendor Process with Your Vendor Self-Registration Portal

After months, leadership finally approved your business case to implement a vendor portal for the vendor setup and maintenance process.  The vendor portal project and related tasks were hard and took longer than expected (they always do), but you got through it.  You have a way for your vendors to login and self-register or update their existing information.  The vendor portal provides vendor authentication, handles all validations, approvals are captured, and it’s integrated into your Accounting System/ERP so the vendor data flows in touchless by your vendor maintenance team.  The last thing you want to think about is retaining or adding a manual vendor process.  Why may you need one?  GDPR. 


The EU General Data Protection Regulation (GDPR) was passed on April 14, 2016 and enforcement began on May 25, 2018.  The regulation provides individuals in European Economic Area (EEA) countries the right to consent to use of their personal data.  The law is complex, and each organization needs to interpret the law and its effect on their vendor maintenance processes and systems to remain compliant.   For more information on GDPR click here  for the European Commission website or here for their Data Protection infographic for small businesses. 

Here is why it may matter for your vendor portal. Vendor self-registration portals typically require an internal team member such Procurement to start the vendor onboarding process by creating the vendor record and adding the first name, last name and email address of the vendor contact.  This personal data will be used to send the invitation to the vendor to complete the registration. 

What can this mean for your vendor portal?  

  • Require functionality to determine, or allow the user to self-identify at first login, if they are in one of the affected countries and if yes, have them view your privacy policy and give them the option to unsubscribe/be removed from the portal. 


  • If the user unsubscribed and they are the vendor, such as with an individual, the vendor record may need to be removed from the portal. 


  • For those vendors that unsubscribed, to avoid collecting personal data via the vendor portal, future changes may need to be submitted and processed using a manual vendor process. 

Manual Vendor Process

If your organization’s solution to GDPR is also to create a manual vendor process, or if you are still using a manual or partial manual vendor process, here are some tips to avoid fraud and keep the vendor master file clean:

  • Require a Vendor Setup Form be completed in full by the vendor.  Require the W-9, insurance information (if an insurance certificate is required) and banking details if payment will be made by ACH.

  • Create and brand a Banking Details form to submit banking details.  Require signature, Tax ID and if a change, either the old banking details or the last three deposit dates and amounts as authentication. 

  • Implement authentication techniques to ensure the supporting documentation collected is valid and came from the vendor. 

  • Provide your Vendor Maintenance team with a checklist or reference list to ensure applicable validations are performed prior to adding the vendor to the vendor master file.

  • Once the vendor setup is complete, send the vendor a Welcome Packet that includes all the required information to do business with your company such as their vendor id, what to include on their invoices and how to submit, etc. 

  • Validate any change requests with the vendor and once the vendor change is complete send the vendor a confirmation of the change.

Be sure to check with your organization’s leadership, audit and/or legal department before making any changes to your current process.

Check out Episode 12 of the Putting the AP in hAPpy Podcast “What Role Can P-Cards Play to Avoid Fraud in Your Vendor Master File” to see how P-Cards may be a solution to a manual vendor process. It will be published on Sunday, January 6th.

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable #manualvendorsetup


Debra R. Richardson,


Debra is an accounts payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors and Aramark.

For the past eight years, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across five Accounting Systems/ERPs. In her consultancy, she focuses on internal controls and authentication to prevent fraud in the vendor master file.