2018 was a banner year for data regulation. GDPR took effect in May, forcing all companies that maintain data on European customers to better police and control sensitive information. Governments on this side of the pond took notice; California passed legislation similar to GDPR, set to take effect in 2020.
With this as a backdrop, ecommerce companies are thoroughly examining their operations for compliance issues. If you’re one of these companies, you must pay equal attention to the fulfillment center, especially if you’re tracking customer data there with different tools maintained separately from your ecommerce platform. The fulfillment center certainly has access to customer addresses and contact information, and it might have access to more sensitive data, including credit card numbers.
If you’re bringing your FC up to code – or even if you’re not under regulation yet, but want to improve your data governance – consider these three “gut-checks” through the lens of GDPR’s main components:
How Easily Can You Access Your Data?
Much of GDPR revolves around data accessibility and modification. Consumers gain the right to access any of their personal data maintained in company systems, to correct false or outdated info, and to have all data erased. If a customer requests information that needs to be retrieved from your fulfillment operations, the fulfillment center team will need to access it quickly.
If possible, the best course of action is to sync your sales platform with your fulfillment solution, allowing both systems to share information. If this isn’t feasible, you’ll need to examine your systems to ensure consistent data tracking. For example, if you differentiate customers by a unique number on your sales platform, follow the same pattern in your fulfillment system. This will help reduce inaccurate data and streamline the process of gathering a customer’s data in the event they request it.
How Secure is Your Data?
GDPR places the responsibility for data security squarely on a business’ shoulders. With an increasing number of threats to our private information, it’s critical your FC team review its systems for vulnerabilities. This is especially important as more FCs adopt IoT sensors, as each device operates as another entry point for would-be hackers.
Start by considering how accessible your data is if someone were to launch an attack against your system. If you’re still maintaining data in spreadsheets, make sure your firewall is up to date, and any files containing personal data are encrypted. If you’re using more advanced data storage, talk to your vendors to ensure their security measures are GDPR compliant. Remember, even if you maintain your fulfillment center data offsite or in the cloud, you’re liable in the event of a breach. Do your due diligence and make sure you’re working with a trustworthy partner.
Do You Have a Data Breach Response Plan?
Despite your best efforts, there’s a chance your company might face a data breach; even retail giants like Target are vulnerable. Waiting until a breach occurs to determine how to relay the information, however, is a mistake. GDPR took steps to prevent companies from postponing their crisis planning by including a rule that requires breached companies to investigate, inform affected individuals and develop a containment plan within 72 hours.
Meet this standard by ensuring your FC team is properly trained in how to respond. They also need to understand what data is stored where, so a breach can be quickly isolated and they have a better idea of which customers were affected. Prepare a system of documentation for each step in the process; GDPR requires companies that take longer than 72 hours to report a breach to complete paperwork explaining their delays.
Bottom line: Take Data Regulations Seriously
If your business isn’t tied to any data regulations, don’t get comfortable. Greater demand from consumers seeking more control over their personal information means every area of the business – including the fulfillment center – needs to police its data security and accessibility.
Evaluate your method of data tracking across your fulfillment operations to ensure it’s consistent across solutions and properly secured. You’ll be better prepared to offer your customers peace of mind and meet any new regulations that might arise.
Don White is Vice President of Enterprise Solutions for Snapfulfil