GDPR is, currently, one of the most talked about issues facing not only freight forwarding but any business that must adhere to EU regulations. The General Data Protection Regulation will be rolled out tomorrow and its purpose is for the protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The nature of global connectivity through freight forwarding means that this is issue business owners must pay close attention to. Aware that this law is being enforced tomorrow (25th May) here is some useful information that many industry practitioners should know.
The hardest hit will be those that hold and process large amounts of consumer data. Many freight forwarders, or e-commerce users, immediately fall into this category. Even complying with the basic requirements for data access and deletion presents a large burden for some companies, which may not previously have had tools for collating all the data they hold on an individual.
This gives your customers control over promotional / news that they may not want to see and if they do not OPT-IN to receive these, and you continue to keep them on your mailing list or stored in your database, you leave yourself vulnerable to a maximum fine of 4% of your gross turnover, or €20million.
If you think that there is nothing to worry about, as this being an EU regulation and we are soon to leave the European Union, thanks to the data protection bill that has been working its way through parliament since September 2017, and the government has committed to maintaining it following Brexit.
The new regulation is enforced to try and force companies to attain consent from users for their personal data in a more transparent manner, rather than hiding it in pages of terms and conditions. It must be clearly distinguishable from other matters, and this will help consumers from having their personal information linked/shared with 3rd parties unless they are aware and happy to receive information. This means that pre-ticked boxes or premium services in exchange for further personal information cannot be done anymore.
Companies must also comply within one month to an individual’s requests for a copy of their information held with you, whilst also giving the consumer the power to correct/delete any information that a company holds about them. A company may refuse to delete or correct information but is going to need a pretty good reason to do so. A company must also comply with their regulatory body if a data breach was to happen within 72 hours, so keeping your data safely secured is paramount.
Whilst many have prophesied about the repercussions of GDPR, we won’t know the full effect of the new regulation until the first court-cases are publicised and settled. This seems like a massive change in the regulation, however, if companies have been responsibly using their data, and continuing to showcase good practice, then these changes will not have a detrimental impact on your freight forwarding company.
Matt Dailly | Editor | FORWARDER Magazine