The EU General Data Protection Regulation (GDPR) will shake up data privacy regulations, but John Green, chief operating officer at training provider System Group, believes many in the transport and logistics sector remain unprepared for its arrival next month.
The new law coming into effect on 25th May 2018 will require everyone from private sector businesses to public sector operators, to comply with what appears to be a myriad set of new rules. And there’s no avoiding GDPR – it will affect anyone who collects, uses and stores personal data, either electronically or in paper filing systems. 
Those affected by GDPR span all sectors – private and public – and, it would seem surprising at this stage, many organisations still aren’t fully aware of the implications or have adequately planned for it. This includes many in the transport and logistics with responsibilities for driver, forklift and warehouse skills training, because personal data is collected from the trainee by the relevant trainer organisation.
Penalties for non-compliance with GDPR are eye watering: fines of up to €20M or up to 4% of total global revenue of the preceding year, whichever is the greater. 
John believes from his experience that a lot of companies aren’t fully prepared for or struggling to understand, their new responsibilities, and wants to see many across the transport and haulage sector urgently adopt plans for GDPR compliance.
He says there’s still time to act: “So, what can be done to be prepared at such a late stage? After all, it’s the responsibility of everyone within an organisation to protect against potential data breaches.
“It’s not too late to examine the information you hold and complete your information audit, documenting the personal staff and student data that’s held on file, where it came from and who accesses it.
“Check your privacy guidelines and draw-up plans to accommodate any necessary changes. Check also that current procedures cover all the rights of individuals, including how you would delete personal data or access and provide data electronically.”
He says it’s critical that the correct procedures are in place to detect, report and investigate a personal data breach and if not already done, assign a designated data protection officer or manager. E-safety is also of critical importance; so if you have a policy, check and review to ensure it remains fit-for-purpose.
“Having a clearly defined policy in place will be vital in ensuring that all key stakeholders know what needs to be done to ensure compliance,” John adds.
It’s also imperative to have some degree of SLA in place to maintain the currency of the client/training provider relationship. This has to be linked to what you want from your service provider that can directly contribute to GDPR: never be afraid to challenge your supplier over agreements surrounding its commitment to quality assurance and other matters such as self-assessment, improvement planning and evaluating provision against the requirements of the Ofsted Common Inspection Framework (CIF).
John says: “More than anything, it’s important that the training provider works with you to plan for change, as well as growth, because it’s easy to forget that demands for additional training or a sudden recruitment drive, places increased demand on resources and capabilities.
“Any competent professional training provider should be suitably adept and GDPR savvy, equipped with the expertise and experience to move forward post May 2018. This should be supported by the requisite quality assurance systems and procedures to help predict how your needs will change in line with your strategy.”
Training providers have to be committed to ensuring that customers enjoy the highest level of protection while maintaining trust at all times.
This is essential if those undergoing training, or apprenticeships completing their studies in the classroom/workplace environment, are to realise their potential and go on to play their role as part of a motivated and skilled industry workforce.
There’s no question that GDPR’s set to have a massive impact, shaking up whole swathes of UK business and commercial. It’s incumbent upon those in our industry, transport and logistics, to understand its impact and be ready to move forward with confidence and alacrity as it comes into play. If necessary, work with a Register of Apprenticeship Training Providers (RoATP) approved partner who can help you navigate an evolving landscape and guide you through the obligations and responsibilities.
John Green, chief operating officer at System Group, which works with logistics and transport companies, military and government departments, local authorities, national corporations and small businesses as well as individuals and the self-employed. The company also offers a wide range of qualifications from management and leadership through driver licence acquisition through to outsourced learning and development Levy management solutions. More at
Photocaption: System Group’s John Green is worried many in the transport and logistics sector remain unprepared for GDPR