On 28th May next year, a new day will be dawn under the General Data Protection Regulation (GDPR).
Discussing this at lunch with a friend in the fuel industry recently, he clearly understood the challenge facing any supply chain professional: “Yes there’s been plenty of warning about responsibilities, but the scope and definition of logistics is so broad, how do we close the compliance gap, keep it closed and efficiently keep the business running?”
The sequence of processes involved in the supply of forecourt retailers is hugely complex and equally so is the scope of the GDPR’s definition that personal data is, “any information relating to an identified or identifiable natural person (‘data subject’).” In this scenario, any supply chain logistics data about a person will be considered personal information.
Think about delivery drivers who are significantly monitored to assure standards and efficiency, they generate data at a substantial rate. In a connected world this means personal information collides with supply chain data and flows through multiple touch points within a complicated third party ecosystem. Check out this forecourt retail customer infographic; how many and which third party vendors are these insights shared with? I bet the answer from most Chief Logistics Officers using our data to transform is that they don’t know.
Data that pertains to us belongs to us and we have rights over it, but a recent BVRLA survey of fleet operators shows that around half of respondents do not have a clear understanding of their responsibilities or a clear strategy regarding their collection and use of driver and vehicle data. The same survey shows that most of us are uncomfortable with sharing data about our driving behavior and performance, while around a third of us don’t like the idea of the free exchange of details about our location, weather conditions or vehicle performance.
Privacy responsibilities are huge and data-centric brands are under massive pressure from customers and regulators to only engage with third-parties that demonstrate an ability to securely manage and process personal information when accessing it for analytics as part of their service.
My friend and I agree that as our personal information is under threat from the moment its created, privacy as a brand value is a very real competitive advantage to those who get it right.
All supply chain parties can easily start mitigating privacy risk by:
Digital disruption and cloud-based services present very real opportunities for consumers and suppliers alike, but access to our personal data itself is not always necessary for logistics insight.