The importance of data privacy cannot and should not be underestimated. More and more organisations are facing the challenge and finding the right way to handle it is not an easy task. The Logistics Point spoke to Michael Storan, Co-Founder of Dataships, about how supply chain and logistics organisations can improve the way they deal with data privacy and why it is important to work on the matter with care.
‘We find that our customers need someone to focus on their data privacy handling so they can work on their core business,’ begins Storan. Asked why supply chains should work on the topic he looks at the complex network a modern supply chain is. With multiple players being involved at each stage, data is being transferred continuously. There are many areas where a problem might appear and organisations need to be able to detect the weak spots and act when there is something. The big question is who has to act first.
Controller VS Processor
With modern supply chains it is not always very clear who owns the data but for Storan that is a question that has been clearly answered in different legislation like GDPR. There is a clear distinction between the organisation that owns the data and the one that is allowed to process it. A Controller is a person or an organisation that is ultimately responsible for what happens to the data. At the end of the day, whoever is collecting the data from the consumer will have to explain how they handle it and what protections are in place in case of a problem. These legislation have put the consumer back in charge of their data and companies must ensure they are set up in a way that will allow consumers access to their data. Therefore this understanding around the controller and processor is key to a companies success in operating compliantly.
Companies like Dataships are Data Processors. They are allowed by the Controller to handle the information and provide security services. Storan however points out that the Controller is the organisation that is most affected when a problem occurs and we often see in practice that on the data privacy side it is not a problem until it is the biggest problem when there is a request or complaint.
So why outsource the processing of data privacy? The reason is in standards. There are many laws and regulations in place and it is hard for an online shop or even a large logistics organisation to monitor all channels and all changes that happen. A company that specialises in the area is more adapted to the processes and has specialists who can provide focused advice.
As the conversation with Storan continues we turn to legislation. The one with the largest impact so far is the well-known but probably misunderstood GDPR – created by the EU. Multiple companies have already been fined because they had underestimated the powers of GDPR or thought the legislation would not affect them. Storan however looks in another direction when asked what will be the driving force for data privacy.
The large tech organisations like Google and Apple are working hard on improving data privacy for their customers which will ultimately force all organisations using their services to comply too.
All of these combined will mean organisations from every industry will have to adapt quickly and find how to implement the new laws and regulations, as well as how to keep up with the changes. ✷