It is a bit of a mouthful, and equally tricky to understand, but on Friday, 25th May, General Data Protection Regulation – or GDPR to you and me – comes into force. However, what does this complicated new law mean for you and me, more importantly, why should you care? I pose the question because it’s one that many of you have been asking about over the last few weeks. Therefore, I want to use this space to address some of your queries on the new directive.
GDPR – what is it?
Let me start by providing you with a basic definition of GDPR. The legislation, which comes into effect on 25, May, 2018, is being put in place to give you and me more control of our data in this country and throughout the EU. And in case you’re wondering, it is likely that it will stay in place even after we have left the European project.[i]
GDPR: what everyone needs to know…
In layman’s terms, three questions are important. They are what, where and how. So, for example, what personal data do you hold, where is it kept, and if one of your customers writes to you to request access to that information, can you gain access to it instantly and provide them with an effective and timely response?[ii] Companies failing to abide by the new data protection laws could in some cases face a hefty fine.
GDPR: But why is the new regulation relevant to you and me?
Well, we live in a world dominated by data. Some say data is the oil of the 21st century. In freight logistics, it has had a massive impact and is affecting positive change. If you operate an HGV fleet for example, you probably rely on telematics and tachograph records and an in-cab phone, which are all driven by data. If you’re part of a fleet, or you run one, then you’ll have access to driver and customer’s personal information, which will include bank details, insurance documents and other potentially sensitive information. This is all data you need to ensure is protected.[iii]
GDPR: I’m an owner driver – do I need to make any changes?
Many CX or HX owner drivers will remain largely unaffected. Why? Well, if you’re a freelancer and find all of your jobs through the Exchange, by continuing to use our services, you are in essence agreeing to the new mandate.
But that is not to say that owner drivers should take the new law for granted. They need to understand how GPPR will impact on their business and their customers, especially if they are working independently of the Exchange.
If you’re an SME, for example, and you find yourself in this position, then you’ll need to implement GDPR in your business. But even then, as the new regulation is basically a strengthening of the current Data Protection Act, which it will replace, it is unlikely that you will have to make fundamental changes to the way you operate your business.
So what tweaks should you make to way your company handles personal data? While I don’t wish to duck the question, I have no legal training in data protection law, and therefore I cannot offer you any legal advice. But I can direct you to this highly informative blog, which breaks the rules down into six simple points.
However, having just overseen GDPR implementation in the company alongside the HR and Admin departments, I can tell you about the changes that we have made to ensure that our member’s data is safe and secure.
GDPR: the steps we have taken…
At the Transport Exchange Group, as a collaborative logistics platform with 5,300 members, we are responsible for safeguarding the data of thousands of owner drivers, operators, 3PLs, 4PLs and freight forwarders. Therefore, we already have stringent data policy agreements in place already. But, that said, we have worked hard over the last year to ensure that the current measures we have put in place meet the new GDPR legislation.
We began by ensuring that everyone in the company was not only aware of the new law, but also the impact that it would have on the business. We then appointed dedicated Data Protection Officer, who sits in our HR team.
Secondly, the ICO advises, that you are able to “document what personal data you hold, where it came from and who you share it with”. Thankfully, as our current procedures around data collection and storage adhere to current Data Protection guidelines – all personal data is already encrypted – this was a fairly straightforward exercise.[iv]
Third, we updated our terms and conditions around privacy and data protection policy, which clearly highlight to our members that in the unlikely event of a data breach, we have the right mechanisms in place to identify, report, and investigate that breach.
Fourth, while our back office and frontline staff are already exceptionally well versed on the current data protection laws, we’ve provided them with comprehensive training so that they are suitably equipped to spot any breaches, that if left unchecked, could potentially lead to fines.
GDPR policy: an innovation starter…
With less than a week to go before GDPR is introduced, we see it as an extremely positive and exciting development, which has the potential to bring about much needed change to the industry. Why? Because with the freight sector still heavily reliant on paper, there is a greater potential for personal data breaches. Therefore, GDPR provides the sector with the impetus it so badly needs to move over to automated content management systems, which would provide operators, both large and small, with an easily accessible and forensic documentation trail.
At the Transport Exchange Group, this is something that we are very passionate about. We have created a paperless billing function on our app, and owner drivers can also send PODs digitally to their customers using our technology. But that is just the start. Artificial Intelligence, Big Data and the Internet of Things will promote even greater efficiencies across the entire freight supply chain.
If GDPR has a hand in sparking these exciting innovations, then that can only propel the industry to even greater heights.
About the Author
Marc Clifton is the Managing Director of the Transport Exchange Group and leads on data protection implementation in the Transport Exchange Group.
Are you a Transport Exchange Group member? Do you have questions about GDPR? If so, please see the ICO’s 12 step guide entitled, ‘Preparing for the General Protection Regulation (GDPR)’.
If you are a CX or HX member, and have further queries, please contact Faisal Rasouli, the Transport Exchange Group’s Data Protection Officer (DPO) at firstname.lastname@example.org
[i] Nile HQ
GDPR for Dummies
By Kate Bordwell
13, February 2017
[ii] GDPR – how air cargo operators can ensure a safe landing in May 2018
Freight Industry Times
By Shalen Sehgal
[iii] Roadway magazine (RHA)
Is your firm GDPR ready? The final countdown begins
[iv] ICO website
Preparing for the GDPR – 12 steps to take now