A new level of data protection
The European General Data Protection Regulation (GDPR) went into effect on May 25, 2018 after a two-year transitional period. The regulation places stricter requirements on companies and authorities for ensuring data protection and imposes tough penalties for non-compliance. Being a German-based company, DACHSER acts as per GDPR on a worldwide scale, especially as the new regulations apply to data on EU citizens around the world.
Every person has the basic right to control his or her data: What data about them is stored? How is it used? Is it ever deleted? This is the core content of the GDPR which took effect on May 25, 2018 and standardized data protection laws across the EU. As a result, every company around the world that collects or processes personal data on EU citizens has to contend with new, stricter regulations concerning the processing of that data. They focus particularly on the collection, use, and storage of personal data as well as its deletion, plus strengthens protection against unauthorized access to the data.
Companies in the logistics industry have to address this topic as well and take the appropriate precautionary measures. These are of both a technical and a procedural nature: Is there an up-to-date overview of all a company’s systems which collect or contain personal data? Is collecting it necessary for performing a contract? Has consent been given for collecting and using the data, and is it appropriately documented? In general, the GDPR requires that records, information, processes, and receipts are documented in a legally secure and transparent manner.
Moreover, companies in which ten or more employees regularly handle personal data must appoint a corporate data protection officer. To comply with the GDPR from the outset, data protection standards shall be technically incorporated right from the start of any data processing procedures. These principles of “privacy by design” and “privacy by default” are enshrined in Article 25 of the GDPR.
Every company is responsible for compliance with the GDPR. If a third party processes personal data on behalf of a company, this is called order processing and both, the contracting company (controller) and the third party (processor), are responsible for complying with the GDPR. In addition, these cases require an agreement on order processing.
DACHSER is responsible for ensuring the protection of personal data needed for rendering freight-forwarding services. As per applicable legislation, this does not require an agreement on order processing.
Ensuring data protection has always been an important concern of ours, even before GDPR took effect. DACHSER has made intensive preparations to be ready in terms of technology and processes to implement new additional regulations of the GDPR.
Personal data has always been used only to process requests, fill orders, and—provided consent has been given—to grant access to special information or offers. We also need this consent in order to send you the DACHSER newsletters in the future. In what’s called the double-opt-in process, all recipients must confirm in a two-step approval process that they wish to continue receiving information.