GDPR and meaningful data protection in B2C processes

Björn Holeschak, Leiter Datenschutz EIKONA Systems GmbH
Man hands over package to a woman

As e-commerce service providers, more and more logistics companies are also delivering shipments to consumers. That subjects them to stricter data protection requirements than deliveries to companies: even a consumer's residential address constitutes personal data under the General Data Protection Regulation (GDPR).


To ensure that this kind of sensitive information is handled legally, service providers should make sure to meet important basic requirements:

  • They may only obtain data in a lawful manner (for example, based on a service contract) and not informally.
  • They should use a minimum of data, i.e., they should only have the information that is absolutely needed to fill the order.
  • They have to handle and process data in a protected manner, in other words, they have to train their employees regularly and take technical and organisational protection measures.

It's best to take a step-by-step approach to complying with these requirements in typical forwarding activities.


The basics

What are the data protection goals?

All data protection measures are based on three fundamental goals that have to be met at all costs: data integrity, authenticity and availability. Data integrity means that data in a resource is protected and cannot be changed arbitrarily. It should also be authentic, i.e. error-free. Data availability is required so that authorised users can utilise the data whenever necessary to fill the order. The data is then adequately protected against loss – which sums up the third goal. To meet these goals, freight forwarders should only collect the data they need to do their job. For example, they only need the email address or the mobile phone number for (automatic) notification; one correct contact method is more than sufficient. To be allowed to store this data, freight forwarders also need the customer's permission, which remains valid until revoked. The data may only be processed in an access-protected system. Any data transfers or transports must be encrypted – i.e. the data can only be sent over encrypted connections using a protocol such as HTTPS or FTPS. In addition, the freight forwarder's premises and buildings should be secured.


Thoroughly organised

Fully protect data during the process

All employees who handle personal data should be regularly educated on data protection. After all, their day-to-day actions are what determines compliance with data protection. For example, documents for transport trips must be distributed in such a way that the addresses can only be accessed by the actual drivers. This can be done using an access-restricted app or a locked pickup box. When making a delivery, local transport drivers must take care not to leave any customer data where it could be seen from the outside of the vehicle. This applies both to addresses displayed in an app and to classic waybills, which must not be visible from outside. If customers have included their phone number and agreed to receive a call, drivers are allowed to give notifications by phone prior to delivery from the truck. Obviously, ringing the door bell is also permitted once drivers reach the address. After the delivery is made, customers are obliged to provide a signature as proof of delivery – handwritten or digital.


Legal archiving periods

Obligations continue after the order

Once a delivery has been made and the invoice issued, the freight forwarder is still required to retain the data. This is done for liability reasons and because online merchants, being the logistics providers' customers, are entitled to a warranty by law. The most important reason, however, is that tax law requires data to be retained for an extended period of time. This means that recipients cannot request erasure of their data until the statutory retention obligation has expired. The law clearly states what data has to be deleted, and when: after three years, email addresses and phone numbers have to be deleted. Freight forwarders are required to be able to present this information with the proof of delivery during that period. After six years, billing documents, names and addresses also have to be deleted from the filing cabinets or digital archives. During this time, data owners can only request that logistics providers block individual data being used for purposes unrelated to the order itself. Recipients may exercise their right of access to the stored data and their right to data rectification at any time. The subsequent mandatory erasure of this data has to follow specific rules:  data media has to be put through a level H-3 hard disk shredder (deformation: bending or piercing). Files go through a paper shredding process that conforms to the level P-3 requirements set out in DIN 66399 (strips with a maximum width of 2 mm or particles with a maximum size of 320 mm²).

Conclusion

Reasonable approach to data protection

If you adopt good data protection goals, you will not have to worry about handling consumer data, even as a freight forwarder. Appropriate software can help companies meet their obligations to archive and delete customer data. The best, most feasible approach is to retain evidence of the general data erasure (e.g. a destruction order) but not the erasure of individual data records. So as long as you take a reasonable approach to data protection, you can breathe easy, knowing you won't be fined.

How do you manage consumer-level order data?


Björn Holeschak
Björn Holeschak
Team Lead, Data Protection

Drawing on his profound data protection expertise, he tackles data protection challenges with renewed vigor every single day. He understands the dangers and stumbling blocks in intimate detail and gives customers practical advice.


Add a comment

What is the sum of 4 and 6?