That’s the warning from Fleet Operations, a provider of outsourced fleet management services. It says many transport operators are underprepared for the introduction of the GDPR, on 25 May, which requires them to comply with new rules to safeguard personal data.
Notably, it points out, organisations will be responsible for data protection breaches at any point within the supply chain – putting fleet operators in a high risk category.
Brian Hardwick, head of operations at Fleet Operations, says there is a perception that the new regulation calls for only a “minor adjustment” to ensure compliance, when in fact “businesses need to assess their entire supply chain to ensure each link is secure”.
He explains: “As a starting point, it is vital for organisations to map all data flows across the business, which means documenting all data coming in and going out, as well as the various organisations or individuals that process information at each point in the supply chain.
“Contracts must now be in place between the data controller and data processor in each of these data transactions covering all the requisite details outlined by the GDPR.”
With a maximum fine of €20 million or 4% of turnover, whichever is greater, this is too serious an issue for businesses to hand to their designated data controller, Hardwick warns. “Everyone should bear some of the burden... A breach could occur due to something as simple as copying someone into an email thread that contains data they do not have consent to view.”
Decide how you will address the new regulation and tell all staff, he urges: “Put data protection at the centre of your organisational culture.”
The government’s Information Commissioner’s Office (ICO) has published useful guidance on GDPR, including steps that businesses should take before the new rules come into force. Click the link below.