There are big changes coming in relation to supply chains. Organisations such as McKinsey are warning of the risks facing more traditional supply chains optimised to manage stable, high-volume production, and pointing towards a more agile future. This is something on the mind of many manufacturers.
More agile chains are more able to
respond to challenges as they are
thrown at them – from significant
increases in costs to fluctuations in
currency, energy and raw material costs.
Increasing agility often means a
greater dependency on “just in time”
delivery and manufacture, so for key
staff, greater visibility of the progress of
deliveries can be a real advantage. This
is leading many companies to provide
their staff with more connected, GPS enabled
wearable technology. Many are
also looking to pair these with cloud-based
services.
For those with supply chains passing
through Europe, this can bring into
focus some issues which have not been
typically faced in the supply chain,
such as protection of personal data.
“Personal data” is defined broadly in
European data protection legislation,
and can mean that even if an individual
is not identified by name, data relating
to them can still be personal data –
potentially pulling tracking data from
wearables into its scope.
While ‘big data’ has meant that IT
security has become more of a priority
for many organisations, dealing with
‘personal data’ introduces additional
complexity.
Where are the cloud services?
Increasingly stringent data protection
laws means the location of cloud
services becomes ever more
relevant, and the same is true of
your contracts with the cloud
services provider. There are limitations
on when data can be transferred
to many countries outside Europe,
and requirements to include certain
provisions relating to data protection in
your contracts with the providers.
Many cloud suppliers are based outside
Europe – can they commit to only
using data centres within Europe or for
technical reasons do they need to mirror
data to sites outside? The old EU-US
Safe Harbor regime has been ruled
ineffective thanks to a case involving
Facebook, and so far the replacement,
‘Privacy Shield’, has not been as widely
adopted, which is likely to mean that the
issue needs to be specifically addressed
in your contracts.
Do you have flexibility in a
solution?
EU laws allow individuals to ask you to
stop processing their personal data, and
also give separate rights for them to
require you to disclose all the personal
data you hold about them. Many
companies will have processes in place
to gather personal data, though you
may need to introduce new structures to
allow the person responding to pick up
any additional personal data generated
by the supply chain.
If you are using a solution which tracks
the location of individuals in your supply
chain, whether directly or indirectly
(for example, the location of a lorry
driven by an employee), are you able to
accommodate both of these points?
What does Brexit mean for all
this?
The current EU data protection regime
is being replaced by a regulation, which
is directly applicable to all member
states. It seeks to enhance privacy and
push organisations towards a privacy-by-design
thought process. It will come
into force on 25 May 2018, so will likely
apply to the UK, at least for a period,
depending on how exit negotiations
progress. The UK’s Data Protection
Minister, Baroness Neville-Rolfe DBE
CMG, has indicated that the government
could see a situation that the full revised
rules could continue to apply to the UK
even after exit if the UK remains in the
single market.
What does this mean for my
business?
If you are looking at updating your
supply chain, whether it is adding
partially autonomous vehicles or giving
wearables to employees, you may
stray into areas of regulation to many
managers operating in the supply chain
– whether relating to flight restrictions
with drones or data protection issues.
Lawyers and other consultants can
help you to consider ramifications of
proposals before they are implemented
in this critical area and become issues for
the business.
For general enquiries
0808 291 3524
Or we can call you back at a time of your choice
Phone lines are open 24/7, 365 days a year
