0370 1500 100

There are big changes coming in relation to supply chains. Organisations such as McKinsey are warning of the risks facing more traditional supply chains optimised to manage stable, high-volume production, and pointing towards a more agile future. This is something on the mind of many manufacturers.

More agile chains are more able to respond to challenges as they are thrown at them – from significant increases in costs to fluctuations in currency, energy and raw material costs.

Increasing agility often means a greater dependency on “just in time” delivery and manufacture, so for key staff, greater visibility of the progress of deliveries can be a real advantage. This is leading many companies to provide their staff with more connected, GPS enabled wearable technology. Many are also looking to pair these with cloud-based services.

For those with supply chains passing through Europe, this can bring into focus some issues which have not been typically faced in the supply chain, such as protection of personal data. “Personal data” is defined broadly in European data protection legislation, and can mean that even if an individual is not identified by name, data relating to them can still be personal data – potentially pulling tracking data from wearables into its scope.

While ‘big data’ has meant that IT security has become more of a priority for many organisations, dealing with ‘personal data’ introduces additional complexity.

Where are the cloud services?

Increasingly stringent data protection laws means the location of cloud services becomes ever more relevant, and the same is true of your contracts with the cloud services provider. There are limitations on when data can be transferred to many countries outside Europe, and requirements to include certain provisions relating to data protection in your contracts with the providers.

Many cloud suppliers are based outside Europe – can they commit to only using data centres within Europe or for technical reasons do they need to mirror data to sites outside? The old EU-US Safe Harbor regime has been ruled ineffective thanks to a case involving Facebook, and so far the replacement, ‘Privacy Shield’, has not been as widely adopted, which is likely to mean that the issue needs to be specifically addressed in your contracts.

Do you have flexibility in a solution?

EU laws allow individuals to ask you to stop processing their personal data, and also give separate rights for them to require you to disclose all the personal data you hold about them. Many companies will have processes in place to gather personal data, though you may need to introduce new structures to allow the person responding to pick up any additional personal data generated by the supply chain.

If you are using a solution which tracks the location of individuals in your supply chain, whether directly or indirectly (for example, the location of a lorry driven by an employee), are you able to accommodate both of these points?

What does Brexit mean for all this?

The current EU data protection regime is being replaced by a regulation, which is directly applicable to all member states. It seeks to enhance privacy and push organisations towards a privacy-by-design thought process. It will come into force on 25 May 2018, so will likely apply to the UK, at least for a period, depending on how exit negotiations progress. The UK’s Data Protection Minister, Baroness Neville-Rolfe DBE CMG, has indicated that the government could see a situation that the full revised rules could continue to apply to the UK even after exit if the UK remains in the single market.

What does this mean for my business?

If you are looking at updating your supply chain, whether it is adding partially autonomous vehicles or giving wearables to employees, you may stray into areas of regulation to many managers operating in the supply chain – whether relating to flight restrictions with drones or data protection issues. Lawyers and other consultants can help you to consider ramifications of proposals before they are implemented in this critical area and become issues for the business.

 

Key Contact

Mark Evans