It is a very eventful week for Europe, as businesses across different verticals and segments brace themselves for the GDPR mandate that comes into effect on May 25. The General Data Protection Regulation, or GDPR in short, is a guideline that primarily addresses the export of personal data outside the EU and EEA. The mandate is a way for European residents to exert greater control over their personal data and unify various regulatory practices in the EU under a single umbrella.
But for most of the companies that work on technology, the GDPR undermines its fundamental requisite - access to data and leveraging it for analytics, boosting efficiency, and staying ahead in the market. The GDPR applies to any business that processes personal data of EU citizens and brings in a slew of data privacy and protection elements to the center stage.
The freight and logistics industry is particularly hard hit with the mandate as it works with a lot of stakeholders in the chain, and securing data with explicit consent at every step of the way would make it harder to work in an already finely balanced ecosystem.
FreightWaves spoke with Jan Unander, Business Advisor at Sweden-based UNIC AB, to understand the impact of GDPR in the freight industry. “It is important to understand that in the truck business, 70% of the profit in Europe for truck manufacturers come from their aftermarket services, maintenance, and accesories,” he said.
“To comply with the GDPR guidelines, these companies sign a contract, explain to their customers that they can use the data for certain maintenance purposes. Truck manufacturers also use the data for building and creating services. By signing a contract, they at least have acceptance from the customer to use the data - not share it, but use it.”
But when it comes to concealing the identity of truck drivers who work for a fleet company, businesses run short of ideas. In a highly connected network of trucks, it is improbable that the identity of a trucker could ever be concealed, even if the intent is positive. “In the trucking industry, we talk about time, position, and the vehicle - and all these give you the ID of the driver. Even if you take away the driver’s identity, the owner of the truck knows who drove the truck in that lane at that time,” said Unander.
If all the parameters of a truck’s position at a specific time in a specific lane are removed, it would be counter-intuitive as it becomes harder for companies to build services around the truck. Unander felt it was a challenge to navigate around the new law, but hoped that if given some time, this predicament could be solved.
Another problem that fleet companies need to contend with is how to improve driver behavior without recording driver identities. A significant portion of the European driver population is non-skilled and need education, but a guideline that constricts the flow of driver information to the fleet management would make the situation complex.
“If the transport company does not know who drove the truck because of GDPR, it really is a problem. Companies want to reduce costs and improve driver behavior, but if they can’t identify the driver, they can’t provide focused education. They would then have to instill an averaged out education for all drivers which might be complicated and expensive,” said Unander. In essence, investing in its workforce got a whole lot harder for companies with the arrival of the GDPR.
Blockchain projects in the industry could also hit a snag, as data that is being held in the system is immutable, and it might get tricky if stakeholders want their data to be removed from the ledger. Once the data is in the system, even if the hashes are upgraded, the data would still be floating around.
Unander also made a point about how interconnected social platforms blatantly flout consumer privacy and share data between each other. If a consumer reads something on Facebook, he finds himself being surrounded by similar information on different platforms like Spotify, or Google - which obviously, is no coincidence.
“Systems are misused, and the companies need to change their business model because they can’t sell data any longer, even if it is an IP number. As a user, if you pay for services, you have to be promised that your data would not be shared,” Unander said.
Then again, though the GDPR does look ominous at its face value, it is not necessarily a death knell for companies. Proper compliance, transparent collection of data, respecting data privacy and managing compiled data in a secure system would go a long way in easing out the predicament.
Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.