One of the highest-trending topics in the first part of 2018 was data privacy and protection, with multicountry investigations putting large organizations under fire for negligence concerning a lack of transparency about what data is, and what isn’t, under protection.
The EU answered the call for stronger protections when new regulations called GDPR took effect on May 25, 2018. If your business deals with collecting any data on citizens in the EU, you’ve already heard about GDPR, and hopefully you had prepared your business to comply with the new regulations. It was paramount that every business complied in order to avoid hefty fines.
What Is GDPR 2018?
GDPR stands for General Data Protection Regulation, and it came into law across EU member states (including the U.K.). It replaced previous EU directives to harmonize the national data protection framework. The primary objective, as the name suggests, was to protect the data of individuals.
The last regulation or law on data protection was passed way back in 1998, predating Facebook, Twitter, YouTube, and a bunch of the most successful websites that people across the globe use today. So much has changed since then, and the way we use data now is vastly different and far more advanced.
“The world’s most valuable resource is no longer oil, but data.”
– The Economist
This regulation will have the most significant impact on business models that rely heavily on processing a large amount of sensitive user data. However, nearly all businesses that do business in the EU or the U.K., regardless of size or industry, will be affected in some way.
When Did It Come Into Effect?
The GDPR came into effect on May 25, 2018. Businesses not complying with GDPR by the deadline might have been subjected to fines of up to 4 percent of their annual turnover or 20 million euros, whichever was greater.
Who Is It Relevant To?
GDPR applies to every business around the globe which offers goods or services to EU residents. If you have a website that collects personal data from the EU, you must comply with the GDPR. However, what is considered to be personal data? Well, that changed as well. GDPR has extended the definition to include IP addresses, cookies, emails and more. This law will affect your business regardless of your business’ location; it’s all about the location of the people whose data you are collecting.
How GDPR Affects Transport & Logistics
Logistics and transport companies collect and process a lot of data on an everyday basis. For a sophisticated supply chain, comprised of an extensive network of operators, suppliers, and retailers, there is even higher pressure to ensure compliance with new regulations. All companies that trade with the EU and U.K. by default will have to take responsibility for data protection breaches that occur within the supply chain, at whichever point they happen.
For starters, transport and logistics companies need to:
- Think carefully before sharing their data with external suppliers, vendors and service providers, ensuring these parties are also GDPR compliant.
- Map the flow of personal data: how it is received, stored and processed, and where it flows along the supply chain.
- Identify and figure out data security weaknesses within their organization and take prudent action to contain them.
Reports suggest that many organizations did not assess the full impact of GDPR or subsequently failed to take the required action to comply with the regulation. The reality is that every organization had to do reasonable due diligence to meet the requirements of the regulations by May 25, 2018.
Is Your Business GDPR Compliant?
GDPR affects every business that holds personal data, which includes data on your employees and customers, regardless of the location of your business.
Contrary to a common misconception, GDPR does not restrict or affect how much data a business can acquire. Instead, it focuses on:
- How you process the data
- How you secure the obtained data
- How long you can hold that protected data
- How you handle data breaches
- What rights users hold over their data
Complying with the GDPR will ensure that your business knows how to handle the data you collect and is prepared for a data breach if one ever occurs.
Here's an Example Scenario
The unfortunate reality of our highly interconnected and digital world is that data breaches are a part of everyday life. The financial price of getting GDPR wrong is undeniably significant: with fines up to four percent of turnover, it’s enough to turn the heads of your board of directors. But the overall cost to the brand is even worse.
For example, a global company suffered a data breach back in 2015; users took to Twitter with over 200,000 negative tweets on the subject in just one week. The result was a loss of over 101,000 customers in a short period.
A more recent case involving Maersk shows how cyber attacks can stall the world’s largest global supply chains. The "Wiper" virus deleted user data, causing massive delays and forcing the company to manage 80 percent of its shipping volume without any IT for 10 days; the total cost, reported many months later, was between $250 million and $300 million.
If users or customers lose trust in an organization's ability to protect their data, they can and will find other providers. In the highly competitive logistics and transportation industry, handling GDPR correctly can quickly become a competitive advantage.
How Can I Make Sure My Site Is GDPR Friendly?
GDPR is going to change the way we collect or process data fundamentally. Before you can even process any data, you need to have a legal ground for doing so. The main areas marketers and data protection officers have to think about are consent, contract, and the legal obligation to process that data.
Download Your GDPR Checklist
According to the EU’s GDPR, explicit consent has to be a freely given, specifically informed, unambiguous indication of the data subject’s agreement to processing, meaning there are no more pre-ticked boxes and no more bundled consents. Here’s a quick checklist for GDPR compatibility.
- Gain explicit consent from the user when collecting any data.
- Existing email lists need to gain explicit consent from the users.
- Data breach procedures need to be laid out to inform both the users and legal regulators.
- Download our free GDPR checklist to make sure your business complies with the upcoming GDPR regulation.
Please note that this is not legal advice. This article is catered towards businesses in the supply chain industry, to inform professionals on the necessary actions required to comply with the GDPR.