Addressing SME GDPR Misperceptions

27-Mar-2018
With the biggest upheaval in data protection regulation due to come into force in a matter of weeks, it is a concern that so many organisations – typically smaller companies – are not prepared. From a lack of awareness of the new customer data rights to the business implications of failure to comply and a mistaken belief that GDPR only affects marketing, Mike Cockfield, Managing Director at Khaos Cloud, explains the vulnerabilities that will be exposed in spreadsheet-based data sources.

GDPR does not just affect Marketing
For those organisations that are aware of GDPR, and when it comes to small businesses they are in the minority, far too much focus is being placed on the marketing aspects of GDPR. Businesses are worrying about double opt-in requirements and making landing page changes in a bid to safeguard valuable customer and prospect mailing lists. But GDPR has an impact far beyond marketing; customer information is collected at every stage of the process, from sales to delivery and invoice.

The truth is that GDPR compliance responsibility should actually fall to an individual without any vested interest in the data. While smaller companies are not required to appoint a Data Protection Officer (DPO), it is recommended that an individual outside of sales, marketing or customer service handles compliance.

Companies need to stop labelling GDPR a marketing problem and recognise its operational significance.

Spreadsheet Vulnerability
There are a number of different aspects of GDPR that will cause huge problems for organisations reliant upon spreadsheets to record customer information. From the right to be informed to the right to access and the right to rectification, how can an organisation confidently respond to new customer rights under GDPR, when data is located across several spreadsheets?

Furthermore, this information needs to be provided electronically and within 28 days – what is the plan for locating and sharing this information and, critically, how confident is the business that every piece of data relating to that customer has been located?

Without systematically organised data, this is going to be tough. Even at the most basic level of compliance, if a customer requests to be deleted from a mailing list, it is not enough just to take the name off the spreadsheet. To meet GDPR requirements, the business must also be able to demonstrate a robust audit trail, and that includes an entry on the system that explains why the customer has been deleted, by whom and when. Furthermore, it is essential to ensure that the information is not open to being changed.

Customers will also be able to request information about how their information is being used: what automated processes are being run and how are profiling decisions being made? An organisation unable to respond to such requests will be wide open to both customer complaint and regulatory non-compliance. GDPR compliance requires a systematic approach to data management plus clear process documentation.

Financial Data Requirements do not Trump GDPR
It is easy to assume that HMRC’s requirements for the seven-year retention of financial information automatically outrank any European customer data requirements. But that is simply not true. Yes, financial data needs to be retained even if a customer has enforced the right to be forgotten; but it must be anonymised.

What is the for anonymising data, from delivery notes to invoices? How will it ensure none of this information is included in business reports, such as sales trends based on postcode analysis? Whilst it is possible to label a spreadsheet column ‘do not process’ and build in relevant macros, this is not a sustainable, long-term model. If the business is being audited as a result of a breach or customer complaint, the regulator will have concerns about such an ad hoc approach.

In contrast, a robust ERP solution should automate the entire process - from anonymising data to ensuring sales reports automatically enforce GDPR processes.

Conclusion
While GDPR is building on existing data protection legislation, the new scale of fine and the level of personal liability raise the stakes. Can any small business afford a fine in the region of 4% of turnover? GDPR affects businesses of any size – without the ability to anonymise data, to prevent data from being processed, and to demonstrate how automated processes are being run, the potential business risks are unthinkable.
