
The Supply Chain Challenges of GDPR Compliance

May 1, 2018
Brad Bussie

The GDPR also addresses the export of anyone’s personal data outside of the EU, as personal data no longer knows or respects international borders. This mandate is especially important given the recent revelations about Facebook’s user data being compromised by foreign meddling in the 2016 U.S. presidential election.

Here’s the big catch: Under the GDPR language, European citizens have the right to be forgotten, regardless of how an organization obtained their information in the first place. In other words, Europeans will have the right to “opt out” of external retention of their personal data, if they so choose. Unfortunately, the GDPR might not be taken seriously by everyone until the first few casualties make the headlines and some hefty fines are assessed.

Enactment of this new rule marks a promising step forward for personal data privacy across Europe. However, it presents real concerns for tech managers who are responsible for storing and protecting their organizations’ information as it flows in and out of supplier networks.

Overall, most businesses appear ready to comply with GDPR, which represents the logical evolution of compliance rules beyond current regulations. The problem for most IT managers is that people in their organizations who are potentially exposed to personally identifiable information need to be ready for GDPR — but how can you protect your people against something they don’t fully understand? Furthermore, how can you protect your customer data when it is shared with supplier partners?

Probably the biggest challenge to the implementation of GDPR involves the massive and growing volumes of data produced today, and the tension between protecting internal data while still sharing product and consumer information with partners across distributed supply chains. The core problem is that most organizations do not fully understand what data they possess across their vast corporate databases, product catalogs, e-mail systems, budget spreadsheets and HR records, not to mention countless Word documents, slide presentations and social media postings.

Take, for instance, a recent data breach that struck a well-known shipping organization. Data that had come to the firm through a previous acquisition was leaked because it had been forgotten about and so remained unprotected. Under the new GDPR mandate, the shipping organization would have been hit with severe fines for such a lapse. Yet does the threat of such a penalty make what happened different or avoidable? That remains unclear.

In terms of protecting internal data vs. overcoming supplier challenges, the main goal should be to implement strict procedures for data classification, protection and disposal.

Nearly every sizable supplier will need to comply with GDPR, even ones that do not directly do business within the EU. This is because such suppliers are still likely to incorporate some data that pertains to EU citizen information.

In addition, organizations typically require some form of non-disclosure agreement or master services agreement with their suppliers. GDPR will ratchet up the pressure to include language in those agreements about consumer information and its proper handling. Companies will need to go back and re-examine the agreements they have signed with suppliers, and update them to cover any new data privacy requirements.

To remain compliant with GDPR, companies need to know the six lawful bases for processing someone’s personal data:

1. Consent. A person has given the company clear consent to process their personal data for a specific purpose.

2. Contract. The processing is necessary for a contract signed by an individual, or because they have asked the company to take specific steps before entering into a contract.

3. Legal Obligation. The processing is necessary for the company to comply with the law, not including contractual obligations.

4. Vital Interests. The processing is necessary to protect someone’s life or well-being.

5. Public Task. The processing is necessary for a company to perform a task in the public interest or for official functions, and the task or function must have a clear basis in law.

6. Legitimate Interests. The processing is necessary for the company’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

The expectation for a person to be forgotten lies at the heart of all the new GDPR requirements. EU citizens have the right to have all their personal records purged from company data storage systems. The company has a brief window to comply and to report that its system has been updated to honor the request.

There is little wiggle room for lapses in oversight under the GDPR mandate. To guarantee accuracy throughout the supply chain, organizations must know what data they possess, how to protect their data, and how to monitor their data systems for compliance.

Achieving this outcome will require a comprehensive review of internal policies for data retention, business processes, and technology systems. In turn, all these elements must work together in coordination with supplier systems to overcome the considerable challenges of meeting GDPR compliance.

Brad Bussie is principal security strategist for IT solutions company Trace3.

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
