What do you need to know about the upcoming GDPR requirements? Could you benefit from using blockchain technology? Below we examine four steps for GDPR compliance and how blockchain technology can help simplify and improve supply chain management.


First 4 Steps for GDPR Compliance

The European Union’s (EU) upcoming General Data Protection Regulation (GDPR) comes into force on May 25, 2018, and will require U.S. businesses to protect EU citizens’ personal data. Even if you don’t think you’re at risk, seemingly innocent data such as online addresses from EU users could expose you to severe fines.


U.S. businesses that don’t comply with the EU’s upcoming General Data Protection Regulation could face fines of up to €20 million or 4 percent of their global annual turnover.


The GDPR expands the definition of personal data and the rights of data subjects, making it difficult to determine your requirements. Here are some first steps to prepare for the rule:

  1. Conduct a data audit across your entire organization. Determine what information is collected across all of your organization’s departments and operations.
  2. Determine how the data is processed, stored and retained. Identify which of the GDPR’s six lawful bases (listed below) your business uses to collect data, where data is stored, the record-keeping process for data use and your business’s policy on data retention.
  3. Examine your vendors’ and partners’ data management practices. Make sure that business partners such as cloud service providers, payment processors and marketing firms are ready to comply with the GDPR. Even if your own data protection measures are in place, you can still be held partially liable for a vendor’s failure to comply.
  4. Create a plan that accounts for the GDPR’s requirements on consent, data subjects’ rights and breach notification. Meet with management, IT, legal teams and other stakeholders to create a GDPR compliance plan that’s unique to your business. Keep in mind that your plan should address how your business will collect and record data users’ consent to process information, comply with requests to delete or transfer data, and report data breaches to supervisory authorities.


The 6 Lawful Bases for Processing Data Under the GDPR

  1. Consent from the data subject
  2. Contractual necessity
  3. Compliance with legal obligations
  4. Protection of a data subject’s or another person’s vital interests
  5. Actions that benefit the public interest
  6. Actions for a business’s legitimate interests


What is Blockchain Technology and How Can it Improve Supply Chains?

Online technologies like smartphones, internet of things networks and cloud services have helped businesses examine their supply chains up close. However, a lack of transparency between vendors and the use of separate management systems often leads to confusion, delays and lost business.

To solve these problems, many businesses have turned to blockchain technology, a platform of encrypted, shared records that can be instantly accessed by all parties involved in a supply chain. Blockchain systems work by creating a separate record, or “block,” every time the supply chain progresses. Each record is then encrypted and used to verify all subsequent blocks, which prevents alterations to records. And, because blockchain systems can be viewed by all members of a supply chain, businesses can get an instant and reliable idea of a product or task’s status.
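
The linking described above, as an added example that is not from the Zywave article: a minimal Python sketch in which each block stores the hash of the block before it, so editing an earlier record breaks verification. The use of SHA-256 hash linking, the field names and the sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder: predecessor of the first block

def block_hash(index, event, prev_hash):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps({"index": index, "event": event, "prev": prev_hash},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_block(chain, event):
    """Add one supply-chain event, linked to the hash of the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "event": event, "prev": prev,
                  "hash": block_hash(index, event, prev)})
    return chain

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        # The block must sit at its own index and point at its predecessor.
        if block["index"] != i or block["prev"] != prev:
            return i
        # The stored hash must match the block's current contents.
        if block["hash"] != block_hash(block["index"], block["event"], block["prev"]):
            return i
        prev = block["hash"]
    return None

def build_sample_chain():
    """Constructed sample events (hypothetical lot and site names)."""
    chain = []
    for event in [{"step": "harvested", "lot": "LOT-001", "site": "farm-A"},
                  {"step": "shipped", "lot": "LOT-001", "carrier": "carrier-B"},
                  {"step": "received", "lot": "LOT-001", "site": "warehouse-C"}]:
        append_block(chain, event)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("untouched chain:", first_invalid_block(chain))
    chain[1]["event"]["carrier"] = "carrier-X"  # edit a record after the fact
    print("after edit:", first_invalid_block(chain))
    # Recomputing only block 1's hash moves the failure to block 2's link.
    chain[1]["hash"] = block_hash(1, chain[1]["event"], chain[1]["prev"])
    print("after re-hash:", first_invalid_block(chain))
```

A chain like this only exposes alterations to a party that holds an independent copy of the latest hash; someone able to rewrite every block can recompute all of the links, which is why shared ledgers distribute copies among the participants.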

Here are some of the potential benefits of a blockchain management system:

  • Flexible scalability—A business can use a blockchain system internally to track projects and other workflows, or multiple organizations can share the platform to organize large-scale operations.
  • Security—Records that use blockchain are encrypted, verified and shared between all users. As a result, blockchain is very secure against tampering and cyber attacks.
  • Transparency—Advanced sensors and other tracking technology can update blockchain records to give businesses an ongoing view of a supply chain without fear of human error or biased reporting.
  • Innovation—New services are beginning to automate complex systems like contractual obligations, employee security credentials and personal data protection using blockchain technology.
  • Detailed analytics—Businesses can track individual products to gather important information at any time, such as the origin of a dysfunctional product or a food item’s expiration date.



Information abstracted from Zywave’s “Commercial Risk Advisory: May 2018” article.