PTI Blog: GDPR’s Impact on Supply Chains


Blog contribution by DP World

The European General Data Protection Regulation (GDPR) comes into force at the end of this month on May 25.

With just over two weeks until businesses operating in Europe, or trading with European partners who handle personal data have to be compliant with the regulation, many are climbing over one another to make sure that all their digital ducks are in a row.

It is deeply naïve to believe that GDPR is purely an IT issue, and that compliance is the job of a CTO, CIO or IT manager. Once in place, the regulation will affect all aspects of a business, from how the sales department conducts itself, to how customer data is stored and for how long.

The logistics and supply chain sector is not a distant outlier in this process. In fact, GDPR will have far-reaching effects on how port and terminal operators, as well as logistics partners, utilize their supply chains.

Those that do not heed to this fact are likely to find themselves in breach of the regulation, damaging their business relations, tarnishing their reputations, and being left haplessly behind the rest of their competition.

Over the past two decades, digitalization has radically altered the supply chain.

New ways of doing things through all-channel fulfilment or omni-channel commerce has challenged the traditional notion of the supply chain as a conduit for goods to move from A to B, built for this purpose only.

With demand for different goods in multiple locations, ordered through different mediums, the supply chain becomes less about the A to B and more about the A, B, C, D, E and F, and how each point interacts with the end-user.

The technology and data that flows through the supply chain makes all this possible, creating efficiencies and opportunities that were unimaginable ten years ago.

However, when data is the life-blood of the modern supply chain, taking responsibility for its magnitude and movement, as well as the level of information it contains, can be a daunting challenge.

The sheer number of stakeholders involved in a modern supply chain further exacerbates this challenge.


Read another blog post by iContainers on the reasons for why digitizing forms 90% of the freight forwarder's IT plan


International trade has long been a complex network of multiple actors but now, in the age of omni-channel fulfilment and booming e-commerce, the supply chain is a convoluted web of manifold stakeholders, trying to compete with one another on speed, price and customer experience, with data flowing relatively freely from one party to the next.

By no means does GDPR threaten the data-driven functionality of modern supply chains. It is simply asking businesses and, by extension, logistics providers and supply chain operators, to understand the amount of data they hold, its movement, how it can be better protected and made more transparent to business partners and, ultimately, customers.

Businesses must map the flow of personal data along the chain they are responsible for, identifying the recipients of personal data, including sub-processors and where the personal data is processed and analysed, which will undoubtedly involve their supply chain partners.

After that, businesses need to identify new and existing contracts that involve the processing of personal data and review the data protection provisions already in place to see if they are GDPR-compliant.

If they are insufficient, policies need to be revamped and fortified to ensure that when the 25th May arrives, all data protection policies are compliant.

Moreover, once businesses have reflected on their own data protection practices, they must look outwards, to their logistics partners and supply chain operators that benefit from the flow of data to ensure that they too are compliant with the looming regulation.

Data protection will undoubtedly alter the supply chains approach to rise.

Not only do data breaches after GDPR comes into practice incur a hefty fine, they also require supply chain operators to alert their business partners and the general public on the data breach, thus damaging their reputation, customer’s trust in their service offering and potentially harming future earnings in a highly competitive and saturated market.

Just like any looming regulation or policy that requires businesses to reflect and revaluate their practices, GDPR presents a unique opportunity for those that see the potential. While much of the language pertaining to GDPR is parental and severe, many of the characteristics that GDPR is going to make necessary are those that customers and merchants value in the world of omni-channel fulfilment.

Transparency, oversight, simplification, improve data portability and higher quality data are the backbones of GDPR.

In addition, while the price of non-compliance is large, the regulation will undoubtedly improve the practices of the entire sector, standardizing data across the board and helping un-do some of the questionable practices, which have gone unchallenged in international, trade for too long. It will create leaner, more consumer-friendly supply chains, which in a world where the customer is at the centre of the supply chain, will separate the innovators and pioneers from the gamblers and traditionalists.


About the author:

Que Tran, Head of IT, Europe & Russia at DP World, has held a number of senior IT leadership positions within international organizations across a range of sectors including media, market research, manufacturing, logistics, inter-governmental and financial services.

Starting out initially in software development, his career has spanned many areas including systems engineering, business analysis, project management, infrastructure management, operations and service delivery, enterprise architecture and IT strategy.


DP World is a global terminal operator at 78 ports in 42 countries. The group handles approximately 9% of the world’s container trade and in 2017, globally DP World handled 70 million TEU.

DP World Europe and Russia owns 10 ports and 5 inland terminals across the continent, employing more than 4,000 employees across 37 countries.

DP World Europe and Russia services include container stuffing and de-stuffing, VGM – container weighing, onsite empty depot, logistics parks, freight forwarding, warehousing, container handling, break bulk, cruise ro-ro car, multi-purpose and intermodal infrastructure.

Read more: DP World has signed a Memorandum of Understanding for a strategic skills development programme that will focus on leadership and business management with the renowned Erasmus University in Rotterdam

Daily Email Newsletter

Sign up to our daily email newsletter to receive the latest news from Port Technology International.

Supplier Directory

Find out how to get listed

Webinar Series

Find out how to attend

Latest Stories

Cookie Policy. This website uses cookies to ensure you get the best experience on our website.