Data is a topic that’s warmer than lava. The implementation date for the General Data Protection Regulation (GDPR) is 05/28/2018 and if your business isn’t ready for this change in legislation you’ll be in seriously hot water.
GDPR (General Data Protection Regulation) is an EU law being implemented in May 2018. It covers the protection of personal data for all individuals within the EU and is designed to give EU residents and citizens control of their data. It applies to businesses based in, trading with, and trading within the EU.
Know how every aspect of your supply chain is managed
The most significant meaning of GDPR for your supply chain is that you must know what your suppliers are doing with the personal data you share with them.
Your business and your suppliers must have lawful purpose in order to hold data on your customers. There are six categories of lawful purpose:
● Consent for specific purposes
● Contractual necessity
● Controller bound by legal obligation
● Protect vital interests
● Controller’s legitimate interests
● Public interest, official duty
But I’m not based in the EU
That doesn’t mean your supply chain can forget about GDPR:
● If any element of your supply chain is based in the EU, it must abide by the GDPR
● If any element of your supply chain trades with the EU, it must abide by the GDPR
GDPR has even broader-reaching significance. For example, one important, behind the scenes, element of a successful supply chain is electronic marketing – digital, content, and email. It impacts your supply chain in many ways:
● As a communications tool
● As a check on efficiency and cost control
● As a means of social responsibility
● As a way of gauging/enhancing customer satisfaction
It’s your company’s responsibility to manage the customer data you share with your suppliers; so if they use it as part of their own electronic marketing then you'll be legally accountable if:
● Your customers are based in the EU
● The marketing activity occurs in the EU
If there is a GDPR breach within your supply chain, the ramifications for your business are severe…
What a GDPR breach means
Among the serious penalties that can be imposed on your business for a GDPR breach are:
● Periodic data protection audits
● A fine up to €20 million (USD$24.43mn), or up to 4% of the annual worldwide turnover for your previous financial year
Any breach must be reported to your customers within 72 hours of it occurring.
GDPR means opportunity, not threat
GDPR provides you with an opportunity to weed out inefficiencies in your supply chain and drive up productivity. For example:
● You can use it to build trust with your customers, letting them know that you are compliant across all stages of your supply chain
● You can centralize all electronic marketing on software that makes it easy to manage your customers data robustly
● You can upgrade your information governance framework and improve the way in which your supply chain operates
GDPR means a lot for your supply chain. But rather than seeing it as a threat, treat it as an opportunity to manage your data in a way that wins your customers’ trust. Then GDPR will mean an improvement in your supply chain, not a collapse.
Recommended reading: Data Drives The Supply Chain But Data Storage Can Cripple Yours
Victoria Greene is a branding consultant and freelance writer. On her blog, VictoriaEcommerce, she shares tips on how brands can use the latest technological developments to make their business even more efficient.