The Supply Chain Challenges of GDPR Compliance

May 1, 2018
Brad Bussie

The GDPR also addresses the export of anyone’s personal data outside of the EU, as personal data no longer knows or respects international borders. This mandate is especially important given the recent revelations about Facebook’s user data being compromised by foreign meddling in the 2016 U.S. presidential election.

Here’s the big catch: Under the GDPR language, European citizens have the right to be forgotten, regardless of how an organization obtained their information in the first place. In other words, Europeans will have the right to “opt out” of external retention of their personal data, if they so choose. Unfortunately, the GDPR might not be taken seriously by everyone until the first few casualties make the headlines and some hefty fines are assessed.

Enactment of this new rule marks a promising step forward for personal data privacy across Europe. However, it presents real concerns for tech managers who are responsible for storing and protecting their organizations’ information as it flows in and out of supplier networks.

Overall, most businesses appear ready to comply with GDPR, which represents the logical evolution of compliance rules beyond current regulations. The problem for most IT managers is that people in their organizations who are potentially exposed to personally identifiable information need to be ready for GDPR — but how can you protect your people against something they don’t fully understand? Furthermore, how can you protect your customer data when it is shared with supplier partners?

Probably the biggest challenge to the implementation of GDPR involves the massive and growing volumes of data produced today, and the tension between protecting internal data while still sharing product and consumer information with partners across distributed supply chains. The core problem is that most organizations do not fully understand what data they possess across their vast corporate databases, product catalogs, e-mail systems, budget spreadsheets and HR records, not to mention countless Word documents, slide presentations and social media postings.

Take, for instance, a recent data breach that struck a well-known shipping organization. Data that had been part of a previous acquisition for the firm was leaked because it had been forgotten about, so it remained unprotected. Under the new GDPR mandate, the shipping organization would have been hit with severe fines for such a lapse. Yet does the threat of such a penalty make what happened different or avoidable? That remains unclear.

In terms of protecting internal data vs. overcoming supplier challenges, the main goal should be to implement strict procedures for data classification, protection and disposal.

Nearly every sizable supplier will need to comply with GDPR, even ones that do not directly do business within the EU. This is because such suppliers are still likely to incorporate some data that pertains to EU citizen information.

In addition, organizations typically require some form of non-disclosure agreement or master services agreement with their suppliers. GDPR will ratchet up the pressure to include language in those agreements about consumer information and its proper handling. Companies will need to go back and re-examine the agreements they have signed with suppliers, and update them to cover any new data privacy requirements.

To remain compliant with GDPR, a company needs one of the following six lawful bases for processing someone’s personal data:

1. Consent. A person has given the company clear consent to process their personal data for a specific purpose.

2. Contract. The processing is necessary for a contract signed by an individual, or because they have asked the company to take specific steps before entering into a contract.

3. Legal Obligation. The processing is necessary for the company to comply with the law, not including contractual obligations.

4. Vital Interests. The processing is necessary to protect someone’s life or well-being.

5. Public Task. The processing is necessary for a company to perform a task in the public interest or for official functions, and the task or function must have a clear basis in law.

6. Legitimate Interests. The processing is necessary for the company’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

The expectation for a person to be forgotten lies at the heart of all the new GDPR requirements. EU citizens have the right to have all their personal records purged from company data storage systems. The company has a brief window to comply and to report that its system has been updated to honor the request.

There is little wiggle room for oversights under the GDPR mandate. To guarantee accuracy throughout the supply chain, organizations must know what data they possess, how to protect their data, and how to monitor their data systems for compliance.

Achieving this outcome will require a comprehensive review of internal policies for data retention, business processes, and technology systems. In turn, all these elements must work together in coordination with supplier systems to overcome the considerable challenges of meeting GDPR compliance.

Brad Bussie is principal security strategist for IT solutions company Trace3.

All content copyright ©2021 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
