Tuesday, November 7, 2017

Road Haulage Operators and Other Freight Interests Under Threat From Data Protection Regulations

Huge Potential Fines Should Spur Logistics Outfits Into Preventative Action
Shipping News Feature
UK – With new data protection legislation due to come into force on 25 May 2018 it is time to take a look at how the rules will affect those in the freight forwarding and logistics sectors as well as shippers and road haulage operators, including those classed as small or medium enterprises (SMEs). Ignorance with regard to the incoming General Data Protection Regulation (GDPR) could lead to crippling financial penalties for those who abuse it, inadvertently or otherwise.

In August a global market insight (GMI) survey across a range of sectors and regions indicated that only 31% of SME’s stated they understood what ‘personal data’ means in a business context. The survey, published by Close Brothers in its quarterly Business Barometer, also showed less than half of the 900 companies canvassed thought they understood the new and extended rights that come with GDPR which customers have when it comes to collecting and utilising their personal information. Neil Davies, CEO, Close Brothers Asset Finance, comments:

“The GDPR’s definition of personal data makes it clear that even online identifiers, for example an IP address, can be personal data. The new definitions provide for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people. More than 40% of [respondent] firms are unconvinced about their readiness ahead of May 2018.

”How it works is that companies must get prior consent from data subjects (opt in) and record that consent. What’s more, the consent must relate specifically to the purposes of why a company needs that data; companies cannot get consent for one purpose and then use the gathered personal data for another. On top of this, consumers must be able to revoke their consent as easily as it was originally given because many consumers complain that it is easy to opt in to data gathering, but difficult to unsubscribe or opt out.”

To see how GDPR relates to the road freight sector Helen Goldthorpe and Richard Wadkin of law firm Shulmans LLP wrote this month how the new rules apply to operators, and some of the sources mentioned should give cause for all those affected to prick up their ears and ensure they have preparations in place to comply. Commercial drivers for example collect vast amounts of data in an age of telematics and with dash cams a fixture in such a high percentage of cabs.

A courier with a handheld recorder carries with them a huge amount of personal data including names, addresses, signatures etc. Back in the office the employer also holds the personal details of staff including licences, whereabouts at any given date and time, record of incidents and so forth. Often this is revealed to others, both public bodies as with driving licence information or potential penalties for speeding, parking etc. and private companies in the case of insurance claims in the light of an accident.

The Information Commissioner’s Office (ICO) will have the ability to impose fines based on a percentage of worldwide turnover or a fixed sum, whichever is higher. Currently the maximum penalty stands at a ‘mere’ half a million pounds. From May 2018 the ICO can levy up to €10 million or 2% of global turnover with the potential to increase to €20 million for serious breaches. Additionally the European Commission talks darkly of possible ‘penal sanctions’ in the Data Protection Working Party report (Article 29) which it published last month.

So how does any company, regardless of size or industry, proceed in order to avoid the potentially huge penalties one might incur for transgressions? The ICO has published guidelines on how the new rules apply and will be applied but it is clear that for many operations of any size it is advisable, if not absolutely necessary, to appoint a Data Protection Officer. Even small companies will benefit from this, particularly if the duties can be taken on by an existing staff member.

We have often witnessed how stringently the EU can apply rules and levy penalties when the regulations are ignored or bypassed, and there is no reason whatsoever to believe that, whatever the outcome of Brexit negotiations, Britain’s policies and penalties will not mirror those of her continental cousins. As with Health & Safety legislation, companies ignoring this latest administrative burden will do so at their considerable peril.