The General Data Protection Regulation (GDPR), the European Union's new data protection law for businesses, is drawing closer to its implementation date. The regulation sets strict compliance requirements for how organisations handle personal data, and its reach is wide: it covers any business that processes the personal data of people in the EU, wherever that business is based. Because every organisation across the private and public sectors, including charities, hospitals and schools, uses personal data, getting ready for the GDPR should be at the top of your agenda.
The consequences of failing to comply are heavy fines (up to €20m or 4% of annual global turnover, whichever is higher) and the loss of reputation that follows a breach or an enforcement action. If you work in transport and logistics, read on to see how the incoming law affects your business and what you can do to get GDPR-ready.
Adjusting to rapid change
This new data protection law arrives at a time of rapid digitisation in the logistics and transport sector. Firms now collect and generate enormous volumes of data about their customers: names, delivery addresses, contact details, order histories and other private information. That data lets you provide better, faster and more efficient services, but it also means you are holding ever more of it, and if it is exposed in any way the damage to your customers and to your business could be severe. The GDPR's role is to protect your customers' personal data as the industry continues to change.
Rarely does a week go by without news of a cyber-attack that puts large numbers of people's personal data at risk, or of sensitive data lost through negligence or simple human error. A new law governing how personal data is handled is therefore both timely and appropriate.
The effect on transport and logistics
The GDPR is concerned with personal data, which for most businesses means the data they hold about their employees and their customers. It does not set a cap on how much data a company may collect, although it does require that collection be limited to what is necessary for a stated purpose (data minimisation). Its main effect is on:
- How personal data is processed and stored
- How consent to process personal data is obtained and recorded
- The rights of individuals over their data, including the so-called right to be forgotten (the right to erasure)
These factors will play a very important part in how your organisation treats the data you collect on customers, their orders, order numbers and addresses. Many logistics companies collect large amounts of data on their customers. Should that data be leaked online or collected without a lawful basis, the penalties for non-compliance could have a crippling effect on your business. Let's explore what this could look like.
How the data protection act for businesses could affect you
Picture a scenario in which your company is hired by the NHS or a health charity to deliver home treatment therapies to individuals with long-term conditions such as diabetes or HIV. Your delivery list now reveals, for each address, something about the recipient's health, which the GDPR treats as special-category data. Should the worst happen and that list is leaked online through negligence, malice or human error, the fallout could be huge. The individuals whose data was released would be immediately and adversely affected, and they would be entitled to seek compensation from you. What is more, if you were shown to have failed to put the proper GDPR checks and balances in place, your organisation would face enforcement action from the supervisory authority (the ICO in the UK), and as noted above, the fines can be enormous.
The GDPR aims to make this kind of situation far less likely. First, it requires transport and logistics companies to follow data-protection good practice, so complying with it means you are less likely to suffer such a leak in the first place. Second, if you can demonstrate that you have complied with the legislation, for example through documented assessments, policies and security measures, the chances of receiving the most severe fines are reduced.
Complying with the new data protection act for businesses
With less than a year to go until the GDPR takes effect, preparation remains the most important focus for businesses of any size. Whether or not you have begun, two sensible first measures are a data audit (mapping what personal data you hold, where it is stored, why you hold it and who it is shared with) and Data Protection Impact Assessments (DPIAs, often still referred to as Privacy Impact Assessments or PIAs) for your higher-risk processing.
Organisations in the transport and logistics industry vary in size and complexity, so it is important to know where you stand in relation to your current compliance practices. Only then can you assess the effort and time it will take to reach full compliance.
At bluesource, we carry out a range of compliance assessments tailored to the GDPR as it applies to your industry, so your company can understand its current security and data-protection position and take the first steps toward GDPR compliance now and well into the future.