GDPR – how air cargo operators can ensure a safe landing in May 2018
Services Director | Transputec
The air freight industry is already one of the most heavily regulated sectors and will become even more so once the EU General Data Protection Regulation takes effect next May.
If air cargo operators avoid making the mistake of thinking that the GDPR does not apply to them, because it relates only to personal data, and plan ahead they can ensure a safe landing for themselves in May 2018.
Freight and logistics operations generate and manage large volumes of documentation including airway bills, invoices, proof of delivery documents, release notes, manifests and so on. Many of these will contain GDPR defined ‘personally identifiable data’ relating to EU citizens, including names, photos, ID numbers, location data, contact data and online identifiers.
Whether you’re an airline or cargo handler operating within the air freight sector, you need to be fully prepared for the GDPR juggernaut. Essentially, you will need to manage risk across three lines of defence namely, business operations, risk and compliance, and internal audit.
There are certain steps to begin the process for compliance now. The GDPR presents challenges to the industry that can’t be solved by policy and procedures alone. At the heart of this are technological challenges that, as well as compliance with the regulation, will also achieve data enablement, risk reduction and process optimisation. As an air cargo operator, you will need to have formal processes in place to manage the data that you hold. You must also be able to store it safely for long periods of time, access it quickly when required and be able to completely erase it upon request by the data subject.
This includes personal identification documents belonging to consignees or couriers, even if you simply overnight an envelope for an EU customer. The regulation’s definition makes it clear that even information such as online identifiers, which include an IP address or a Twitter handle, can be personal data. Whether or not your company is located within the EU or whether the EU individual has spent money with your company, you will more than likely have to comply with the regulation.
The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible. This includes archived information stored in warehouses or office basements that can be accessed by unauthorised personnel or stolen or destroyed by fire. As well as the volumes of air freight documentation, the reach of the regulation includes chronologically ordered sets of manual records containing personal data such as HR files, passports, bank statements and so on.
To comply with the data handling principles of GDPR, businesses must first of all know exactly what personal data they hold, where it is located and how they can access it easily.
Where much of this documentation, such as invoices, airway bills, manifests comes in paper form that is no easy task. To complicate matters further, many organisations within the air freight sector have been involved in mergers and acquisitions over many years. This has resulted in potentially hundreds of disparate databases spread across multiple physical and cloud environments.
Transputec has been an IT partner to airlines and freight operators for more than three decades. We are familiar with the issues and challenges faced by the industry and our approach integrates privacy and security. In order to be GDPR ready, airlines and air freight operators would greatly benefit from a document management system that offers them the ability to scan paper documents, electronically store them in a secure location and archive and access them at the touch of a button. Our solutions can detect where personally identifiable data is stored across as well as help identify potential data risks.
We’ve developed several bespoke solutions in collaboration with freight/logistics industry experts including airlines, shippers, freight forwarders, customs authorities, and ground handlers to reduce cost and manage business documents.
To comply with GDPR you must:
The sanctions for breach of GDPR data handling principles are game changing - up to €20m or 4% of the company’s annual turnover. The risk posed by such sanctions cannot be ignored by any business. To be in a position to comply in May 2018 you have to start the planning right now if you have not already done so.
A leading General Sales and Service Agent (GSSA) in the air freight sector, based at Heathrow, wanted to improve its core document processes, not just in readiness for GDPR, but to continue ensuring a real value-add service was being delivered to its clients and partners. The global scale and complexity of their business means that improving their core document processes offers huge potential benefits to service and efficiency for both them and their customers.
The GSSA decided to use leading document capture and management software (DMS), SHIELDIntelefile, which is designed for air freight, and is a fully hosted service, so was quick to deploy. After a short series of design meetings and workshops, the GSSA’s implemented system went live only a few weeks later.
The DMS captures and automates air waybills, manifests and the other forms and documents that are generated in the process of transporting air freight. It helps create value for clients at all stages of their GDPR journey, beginning at the data discovery phase and all the way through to automation of many aspects of GDPR compliance. It offers a flexible solution for capturing and submitting document images whether from centralised or distributed sources.
This lets the GSSA scan paperwork as close as possible to, or in, the airport, straight from its air freight customers. The images are queued by the DMS for a combination of automatic and manual data recognition and extraction. This allows accurate, categorised, searchable data to be securely available to appropriate people, inside and outside the company, anywhere in the world. Workflows become paperless too, so there are no transmission delays, even in global intercompany processes.
Posted on: August 23rd 2017