Metafour is prepared for GDPR
Comply with GDPR regulations before 25th May 2018
The EU’s new data protection and privacy law, the General Data Protection Regulation (GDPR), is close to becoming a reality. GDPR takes effect on 25 May 2018 and, despite Brexit, it will still affect UK companies.
GDPR is going to have a significant impact on UK logistics companies, because it will govern how you process data. From personal data relating to staff and subcontractors to the identities of mail senders and recipients, every detail relating to living identifiable individuals will be heavily regulated. There is also going to be a huge increase in the fines for not complying with the new regulations: in some cases up to €20m or 4% of group worldwide turnover, whichever is higher. Both data controllers and processors will be liable under the new regime.
Who does GDPR apply to?
- GDPR applies to ‘controllers’ and ‘processors’.
- A controller determines the purposes and means of processing personal data.
- A processor is responsible for processing personal data on behalf of a controller.
In the relationship between a logistics company and its software provider, the logistics company or courier is the controller, and its software provider (in this case Metafour) is the processor.
- If you are a processor, GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
- However, if you are a controller, you are not relieved of your obligations where a processor is involved – GDPR places further obligations on you to ensure your contracts with processors comply with GDPR.
- GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
- GDPR does not apply to certain activities, including processing covered by the Law Enforcement Directive, processing for national security purposes, and processing carried out by individuals purely for personal/household activities.
Logistics providers and courier companies process enormous amounts of personal data each day in the form of customer bookings, which means that data protection and information security are critical business risks. The new GDPR rules also impose strict contract requirements, and you will need to update legal agreements and policies to avoid a breach of the new law. Contracts being entered into now, which will still be in force next May, should be GDPR compliant.
GDPR may require you to appoint a Data Protection Officer, and you will have to carry out privacy impact assessments and facilitate enhanced data subject rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making, including profiling
If you do suffer a security breach, it will have to be reported to your customers or the regulator, and possibly also to the individuals affected, depending on the circumstances. These are just a few of the changes, and further privacy reforms (which could have a significant impact on B2B marketing) are also on the horizon.
All this is an important change to the way your business operates, so key people within your organisation need to be made aware of the revisions your business will need to make. No UK business that holds or uses people’s personal data can afford to ignore these new laws!
Some companies already have the proper use of data on their radar; many of the requirements of GDPR could, therefore, be considered business as usual. However, we know that for many companies GDPR will represent a radical change in how they do business. It is critical that senior management is made aware of the impact sooner rather than later, and that all members of staff are trained and brought up to speed on the changes over the next six months.
GDPR compliance might seem overwhelming, but it does not have to be that way.
GDPR 2018 WILL affect your business – but you can easily stay ahead of the curve by preparing correctly with the right consultation and partnerships.
Metafour is committed to providing a level of data security which meets the needs of our clients and conforms to the requirements of the General Data Protection Regulation.
We have implemented the Metafour Information Security Project which is progressing two actions in parallel:
- Long-term: Implement a systematic approach to developing our information security management system and having it externally audited to demonstrate that it meets the requirements of ISO 27001.
- Short-term: Carry out a gap analysis to identify the immediate changes that are required for GDPR and implement those actions.
We are pleased to announce that Metafour has passed the Cyber Essentials assessment. Cyber Essentials aims to help organisations implement basic levels of protection against cyber attacks. This is just one step Metafour has taken in our commitment to taking cyber security seriously and keeping our customers’ systems safe.