One of the highest trending topics in the first part of 2018 is data privacy and protection, with multi-country investigations putting large organizations under fire for negligence in protecting people’s personal data and for a lack of transparency about what data is actually being protected. The call for stronger protections is already being addressed in the EU with a new regulation, the GDPR, going into effect on May 25, 2018.
If your business collects any data on citizens in the EU, you’ve already heard about GDPR, and hopefully you have already set up your business to comply with it. With the deadline right around the corner, every business wants to make sure it complies, at the very least to avoid hefty fines.
What is GDPR 2018?
GDPR stands for General Data Protection Regulation, and it comes into law across EU member states (including the UK). It replaces the current EU directives in order to harmonize national data protection frameworks. The primary objective, as the name suggests, is to protect the data of individuals.
The last regulation or law on data protection was passed way back in 1998, predating Facebook, Twitter, YouTube and many of the most successful websites that people across the globe use today. So much has changed since then, and the way we use data now is vastly different and far more advanced.
“The world’s most valuable resource is no longer oil, but data.”
– The Economist
This regulation will have the largest impact on business models that rely heavily on processing large amounts of sensitive user data. However, nearly all businesses that do business in the EU and/or UK, regardless of size or industry, will be affected in some way.
When is it coming into effect?
The GDPR comes into effect on May 25, 2018. If you do not comply with the GDPR by this deadline, your business might be subject to fines up to 4% of annual turnover or €20m, whichever is greater.
Who is it relevant to?
It applies to every business around the globe that offers goods or services to EU residents. If you have a website that collects personal data from the EU, you must comply with the GDPR. What is considered personal data? Well, that has changed as well: GDPR has extended the definition to include IP addresses, cookies, emails and more. This law applies regardless of your business’ location; what matters is the location of the people whose data you are collecting.
How GDPR affects transport & logistics
Logistics and transport companies collect and process a lot of data on an everyday basis. For a sophisticated supply chain comprising a wide network of operators, suppliers and retailers, there is even greater pressure to ensure compliance with the new regulation. By default, all companies that trade with the EU and UK will have to take responsibility for data protection breaches that occur within the supply chain, at whichever point they happen.
For starters, transport and logistics companies need to:
- think carefully before sharing their data with external suppliers, vendors and service providers, ensuring these parties are also GDPR compliant
- map the flow of personal data: how it is received, stored and processed, and where it flows along the supply chain
- identify data security weaknesses within their organisation and take precautionary action to address them
Reports suggest that many organizations still have not assessed the full impact of GDPR or taken the required action to comply with the regulation. But the reality is that every organization must do reasonable due diligence to meet the requirements of the regulations by May 25th.
Is your business GDPR compliant?
GDPR affects all businesses that hold personal data, which includes data on your employees and customers, regardless of where your business is located.
Contrary to a common misconception, GDPR does not restrict or affect how much data a business can acquire; rather, it focuses on:
- how you process the data
- how you secure the obtained data
- how long you can hold that protected data
- how you handle data breaches
- what rights users hold over their data
Complying with the GDPR will ensure that your business knows exactly how to handle the data you collect and is prepared for a data breach if one ever occurs.
Here's an example scenario
The unfortunate reality of our highly interconnected and digital world is that data breaches are a part of everyday life. The financial price of getting GDPR wrong is undeniably significant: with fines of up to 4% of turnover, it’s enough to turn the heads of your board of directors. But the overall cost to the brand is even worse.
For example, a global company suffered a data breach back in 2015; users took to Twitter with over 200,000 negative tweets on the subject in just one week. The result was a loss of over 101,000 customers in a short period.
A more recent case involving Maersk shows how cyber attacks can stall the world’s largest global supply chains. The "Wiper" virus deleted user data, causing huge delays and forcing the company to manage 80% of its shipping volume without any IT for a period of 10 days. The total cost, reported many months later, was between $250 and $300 million.
If users or customers lose trust in an organization's ability to protect their data, they can and will find other providers. In the highly competitive logistics and transportation industry, GDPR compliance done right can quickly become a competitive advantage.
How can I make sure my site is GDPR friendly?
GDPR is going to fundamentally change the way we collect and process data. Before you can process any data at all, you need a legal ground for doing so. The main areas marketers and data protection officers have to think about are consent, contract, and a legal obligation to process that data.
According to the EU’s GDPR, explicit consent has to be a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing. This means there are no more pre-ticked boxes and no more bundled consents. Here’s a quick checklist for GDPR compatibility.
- Gain explicit consent from the user when collecting any data.
- Existing email lists need to gain explicit consent from the users.
- Data breach procedures need to be laid out to inform both the users and legal regulators.
- Download our free GDPR checklist to make sure your business complies with the upcoming GDPR regulation.
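The consent rules above (no pre-ticked boxes, no bundled consent, one affirmative choice per purpose, and a record you can show a regulator) are simple to get wrong in a sign-up form. The following is an added example, not code from the article or any product it links to; the purposes, subject ids and notice version are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Hypothetical processing purposes a logistics site might ask about (constructed set).
PURPOSES = {"newsletter", "analytics", "shipment_updates"}


class ConsentError(ValueError):
    """Raised when a form submission cannot count as explicit GDPR consent."""


@dataclass
class ConsentRecord:
    subject_id: str
    purpose: str
    granted_at: datetime
    notice_version: str            # wording the user actually saw, kept as evidence
    withdrawn_at: Optional[datetime] = None


def record_consent(store, subject_id, form_defaults, submitted, notice_version, now=None):
    """Store one record per purpose the user affirmatively ticked.
    form_defaults: how the boxes were rendered (purpose -> checked?)
    submitted:     what came back from the user (purpose -> checked?)"""
    now = now or datetime.now(timezone.utc)
    # No pre-ticked boxes: a box rendered already checked can never yield consent.
    pre_ticked = [p for p, on in form_defaults.items() if on]
    if pre_ticked:
        raise ConsentError(f"pre-ticked boxes are not explicit consent: {pre_ticked}")
    # No bundled consent: every key must be one known purpose (no 'accept_all' switch).
    unknown = set(submitted) - PURPOSES
    if unknown:
        raise ConsentError(f"bundled or unknown purposes rejected: {sorted(unknown)}")
    granted = sorted(p for p, on in submitted.items() if on is True)
    for purpose in granted:
        store.append(ConsentRecord(subject_id, purpose, now, notice_version))
    return granted


def has_consent(store, subject_id, purpose):
    """True only while an un-withdrawn record exists for exactly this purpose."""
    return any(r.subject_id == subject_id and r.purpose == purpose
               and r.withdrawn_at is None for r in store)


def withdraw_consent(store, subject_id, purpose, now=None):
    """Users can withdraw consent at any time; the record is kept for audit."""
    now = now or datetime.now(timezone.utc)
    for r in store:
        if r.subject_id == subject_id and r.purpose == purpose and r.withdrawn_at is None:
            r.withdrawn_at = now
    return not has_consent(store, subject_id, purpose)
```

A real deployment would persist the records rather than keep them in a list, but the checks on defaults and purposes are the part that matters for demonstrating explicit consent.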
GDPR Reference links
- Official GDPR Websites
- ICO’s steps to preparing for GDPR
- ICO’s Digital Marketing Checklist
- Hubspot – Get ready for GDPR
- Hubspot – GDPR friendly mailing list
- Salesforce GDPR Guide
- Privacy statement & cookies policy templates
Please note that this is not legal advice. This article is aimed at businesses in the supply chain industry, to inform professionals of the actions required to comply with the GDPR.