GDPR – how air cargo operators can ensure a safe landing in May 2018
The airfreight industry is already one of the most heavily regulated sectors and will become even more so once the GDPR is in effect next May.
Freight and logistics operations generate and manage large volumes of documentation including airway bills, invoices, proof of delivery documents, release notes, manifests and so on. The GDPR applies to personally identifiable data relating to EU citizens, including names, ID numbers, location data, contact data and online identity. This includes personal identification documents belonging to consignees or couriers that, in the case of airfreight operators and airlines, are spread across multiple databases. The regulation’s definition makes it clear that even information such as online identifiers, which include an IP address or a Twitter handle, can be personal data.
The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible. This includes archived information stored in warehouses or office basements that can be accessed by unauthorised personnel or stolen or destroyed by fire. As well as the volumes of airfreight documentation, the reach of the regulation includes chronologically ordered sets of manual records containing personal data such as HR files, passports, bank statements and so on.
To comply with the data handling principles of GDPR, businesses must first of all know exactly what personal data they hold, where it is located and how they can access it easily. When much of this documentation, such as invoices, airway bills, manifests comes in paper form that is no easy task.
This is where a leading edge document management system such as SHIELDIntelefile can really help a business to meet the requirements of the GDPR. It was developed in collaboration with freight/logistics industry experts including airlines, shippers, freight forwarders, customs authorities, and ground handlers to reduce cost and manage business documents.
It offers employers the ability to scan paper documents, electronically store them in a secure location, archive and access them at the touch of a button via the SHIELDIntelefile portal. All of the scanned documents are accepted as legally equivalent to originals in most jurisdictions.
The GDPR requires companies to have formal processes in place to manage the data that they hold. This means they must be able to store it safely for long periods of time and also be able to completely erase it upon request by the data subject. The SHIELDIntelefile document management system gives the employer the ability to put these processes in place very easily and quickly.
The sanctions for breach of GDPR data handling principles are game changing - up to €20m or 4% of the company’s annual turnover. The risk posed by such sanctions cannot be ignored. SHIELDIntelefile can help any company faced with mountains of paperwork to keep on top of it and avoid being hit by large regulatory fines.
You can find out more about SHIELDIntelefile here.