July 14th, 2016
I recently received a white goods delivery from an online order. It was as expected: I received a text the night before to confirm delivery, an email in the morning from the delivery company with tracking showing exactly where the lorry was and a courtesy phone call from the lorry driver to say they were 10 minutes away. Great communication from the operations team of that company.
I also received a call later in the day to check the delivery had occurred and to try to sell an extended breakdown cover package. After 25 May 2018 the above will be illegal under the General Data Protection Regulation (GDPR) and may, potentially, incur large fines. The reason is that I didn’t give permission for all that contact when I ordered the product.
This is a simple example of how GDPR, which can be assumed to primarily affect outward bound marketing and personnel records, will affect all aspects of operations.
Funnily enough, if I had received a letter to say the product was coming, it would have been legal – providing I wasn’t registered on the mail preference service!
Assume I decide to ask for all my personal information to be removed. Where are my email address and mobile phone number stored? Also, my mobile phone number has been on the driver’s mobile phone. Is the driver self-employed or employed by a different company? Does the delivery company also have a data policy that is acceptable and is implemented? Does the supply company audit the delivery company’s data? Under GDPR they’re responsible for the data they give to the delivery company.
Assume it’s easy to erase that data from the current files. Have you thought about the back-up systems and how to remove the information? GDPR will need to be considered from an operations viewpoint.
We’re holding a free webinar to explain GDPR, how it could help you and how to be compliant. To book, click here. Alternatively, please contact Aidan.Salter@The-consultancy.co.uk or phone 01993 883421.
PS: Possible solutions to the above scenario are to:
- Ensure there is a tick box for the client to indicate they want to be kept up to date about the delivery by phone/text/email. It could also include checking that a courtesy call may be made to validate the delivery was to your satisfaction.
- Create and implement (or update) your data policy for suitability for GDPR.
- Ensure the transport provider has a suitable data policy which should include deleting personal information xx days after delivery.
- Plan and undertake a data audit of the delivery company to check your data requirements have been actioned. It’s your responsibility if your supplier has a data issue with data you supplied.
- Provide a check box to ask permission to update the client about any recalls / repairs.
- Write a letter. If the client hasn’t ticked the box, then, after checking the client is not on the mail preference service, send a letter about the extended warranty instead of making a phone call.
- Implement a system for handling requests for deleting personal data from all your systems – including back-ups.
- Capitalise on validating the information you hold on the customer – this is a chance to explain any current offers you might have.