Addressing SME GDPR Misperceptions

27-Mar-2018
With the biggest upheaval in data protection regulation due to come into force in a matter of weeks, it is a concern that so many organisations – typically smaller companies – are not prepared. From a lack of awareness of the new customer data rights to the business implications of failure to comply and a mistaken belief that GDPR only affects marketing, Mike Cockfield, Managing Director at Khaos Cloud, explains the vulnerabilities that will be exposed in spreadsheet-based data sources.

GDPR does not just affect Marketing
Among those organisations that are aware of GDPR (and when it comes to small businesses they are in the minority), far too much focus is being placed on the marketing aspects of GDPR. Businesses are worrying about double opt-in requirements and making landing page changes in a bid to safeguard valuable customer and prospect mailing lists. But GDPR has an impact far beyond marketing; customer information is collected at every stage of the process, from sales to delivery and invoice.

The truth is that GDPR compliance responsibility should actually fall to an individual without any vested interest in the data. While smaller companies are not required to appoint a Data Protection Officer (DPO), it is recommended that an individual outside of sales, marketing or customer service handles compliance.

Companies need to stop labelling GDPR a marketing problem and recognise its operational significance.

Spreadsheet Vulnerability
There are a number of different aspects of GDPR that will cause huge problems for organisations reliant upon spreadsheets to record customer information. From the right to be informed to the right to access and the right to rectification, how can an organisation confidently respond to new customer rights under GDPR, when data is located across several spreadsheets?

Furthermore, this information needs to be provided electronically and within 28 days – what is the plan for locating and sharing this information and, critically, how confident is the business that every piece of data relating to that customer has been located?

Without systematically organised data, this is going to be tough. Even at the most basic level of compliance, if a customer requests to be deleted from a mailing list, it is not enough just to take the name off the spreadsheet. To meet GDPR requirements, the business must also be able to demonstrate a robust audit trail, and that includes an entry on the system that explains why the customer has been deleted, by whom and when. Furthermore, it is essential to ensure that this information cannot be changed.

Customers will also be able to request information about how their information is being used: what automated processes are being run and how are profiling decisions being made? An organisation unable to respond to such requests will be wide open to both customer complaint and regulatory non-compliance. GDPR compliance requires a systematic approach to data management plus clear process documentation.

Financial Data Requirements do not Trump GDPR
It is easy to assume that HMRC’s requirements for the seven-year retention of financial information automatically outrank any European customer data requirements. But that is simply not true. Yes, financial data needs to be retained even if a customer has enforced the right to be forgotten; but it must be anonymised.

What is the process for anonymising data, from delivery notes to invoices? How will the business ensure none of this information is included in business reports, such as sales trends based on postcode analysis? Whilst it is possible to label a spreadsheet column ‘do not process’ and build in relevant macros, this is not a sustainable, long-term model. If the business is being audited as a result of breach or customer complaint, the regulator will have concerns about such an ad hoc approach.

In contrast, a robust ERP solution should automate the entire process - from anonymising data to ensuring sales reports automatically enforce GDPR processes.

Conclusion
While GDPR is building on existing data protection legislation, the new scale of fines and the level of personal liability raise the stakes. Can any small business afford a fine in the region of 4% of turnover? GDPR affects businesses of any size – without the ability to anonymise data, to prevent data from being processed, and to demonstrate how automated processes are being run, the potential business risks are unthinkable.
