GDPR - the final sprint
With less than a month to go before the General Data Protection Regulation sweeps in, you would think that almost all businesses would be on the home stretch with GDPR compliance by now. Surprisingly, results just in from a survey by KPMG Global Legal Service show that out of 448 institutions surveyed more than half (54%) reported that they are not in compliance.
The main stumbling block appears to be third-party vendors. According to the survey, an overwhelming majority of businesses can’t confirm whether their down-the-line vendors are adhering to the regulations.
With the clock rapidly counting down to 25 May, there’s no time for any business to bury its head in the sand. This remaining time should be used to carry out data mapping and approach managing suppliers and subcontractors that may hold or access personal information that your enterprise is responsible for.
Arguably more so than any other sector, the freight and logistics industry generates and manages large volumes of documentation that are spread across multiple databases across the supply chain. There’s a huge amount of data sprawl - airway bills, invoices, proof of delivery documents, release notes, manifests and so on.
Other peculiarities that impact the sector’s GDPR compliance are the many mergers and acquisitions over the years by airlines and airfreight operators. This has resulted in, dozens, hundreds, or even thousands of disparate databases spread across multiple physical locations and cloud environments. Determining where EU data subject information is located can be a struggle.
The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible. This includes archived information stored in warehouses or office basements that can be accessed by unauthorised personnel or stolen or destroyed by fire. As well as the volumes of airfreight documentation, the reach of the regulation includes chronologically ordered sets of manual records containing personal data such as HR files, passports, bank statements and so on.
To comply with the data handling principles of GDPR, businesses must first of all know exactly what personal data they hold, where it is located and how they can access it easily. When much of this documentation, such as invoices, airway bills, manifests comes in paper form that is no easy task.
SHIELDIntelefile can really help a business to meet the requirements of the GDPR. It was developed in collaboration with freight/logistics industry experts and offers employers the ability to scan paper documents, electronically store them in a secure location, archive and access them at the touch of a button via the SHIELDIntelefile portal. All of the scanned documents are accepted as legally equivalent to originals in most jurisdictions.
There is still time to ensure that your business is fully GDPR compliant. Contact us for a quote without delay.
Director of Business Development