Blog


100 DAYS TO GDPR

The General Data Protection Regulation (GDPR) aims to strengthen the protection of personal data. The current data legislation dates back to 1995 with the Data Protection Directive, which lacks harmony and has not evolved to deal with current uses of data, e.g. marketing. The principles remain the same, but the new policy is meant to update standards to fit today’s technology, which has changed dramatically since 1995. Today, there are 3 billion internet users compared to 16 million 20 years ago, with the rise of social networks. The GDPR affects all businesses operating within the EU: EU companies that process personal data, non-EU companies that offer goods or services to individuals in the EU, and non-EU companies that monitor individuals’ behaviour that takes place in the EU. It will come into effect on May 25th 2018 and we have to make these changes now to ensure that we are compliant.

MAIN CHANGES :

  • CONSENT : Permission and consent are required to send marketing information. The consent must be unambiguous, informed and freely given. Prior to giving consent, data subjects (the individuals whom particular personal data is about) must be informed of the right to withdraw consent at any time, and it must be easy for them to do so. For children under 16, a parent or guardian must give their approval.
  • RIGHTS FOR DATA SUBJECTS : Right to be informed, Right to access, Right to rectification, Right to erasure, Right to restrict processing, Right to data portability, Right to object, Rights in relation to automated decision making.
  • DATA BREACHES : for example the destruction, loss, alteration, unauthorised disclosure of or access to personal data, or human error. There is a new mandatory obligation to notify data breaches to the regulator ASAP and no later than 72 hours; if notification is not made within 72 hours, a reasoned justification is needed.
  • ADMINISTRATIVE FINES AND COMPENSATION : Under the GDPR, data subjects will have a right to sue and recover material or non-material damages, e.g. loss of personal data, damage to reputation, loss of confidentiality. The current maximum fines are €3000 but GDPR fines are up to €20 million or 4% of turnover.
  • INCREASED TERRITORIAL SCOPE : The policy applies to all companies processing the data of EU subjects, regardless of the company’s location.
  • PRIVACY BY DESIGN : Data protection has to be included in the initial system design rather than added later.

 

 

KEY ACTIONS TO BE TAKEN

1/ AUDIT :

  • You are required to document what personal data you hold, where it came from and who you share it with.
  • It is recommended to conduct an information audit across the organisation or within particular business areas which need to be GDPR compliant.

2/ IDENTIFICATION :

  • You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  • You should identify the lawful basis for your processing activity in the GDPR, document it and update your notices.

3/ UPDATE DATA PROTECTION POLICY :

  • You should update your procedure for dealing with subject requests to handle them within the new timescales.
  • You should review how to seek, record and manage consent and whether you need to make any changes.
  • You should also put a system in place to verify individuals’ age and to obtain parental or guardian consent for any data processing activity.
  • Finally you should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

4/ UPDATE PRIVACY NOTICES :

  • After updating the data protection policy, it is important to review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  • They have to be concise and in an easy-to-read format with limited legalese.
  • They must include : identity and contact details of the controller and the Data Protection Officer; purposes and legal basis for the processing; recipients of the personal data; retention periods; details on the right to access to personal data and rectification or deletion of it; right to withdraw consent; …

5/ UPDATE CONTRACTS WITH PROCESSORS AND CONTROLLERS : the contracts must set out :

  • The subject matter and duration of the processing
  • The nature and purpose of the processing
  • The type of personal data and categories of data subject
  • The obligations and rights of the controller

6/ CONSIDER AN APPOINTMENT WITH A DPO :

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure. A Data Protection Officer can be outsourced to assist you in managing your organisation on its journey to becoming GDPR compliant. If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.

7/ TRAINING :

  • You should ensure that everybody is aware that the law is changing to the GDPR (mostly decision makers and key people) so they can start identifying areas that could cause compliance issues.
  • You then have to train relevant staff and teach them how GDPR affects their role.

 

WHAT PROCUREMENT TEAMS SHOULD DO

Map the flow of personal data through supply chains. Identify recipients of personal data, including sub-processors. Note where and how the personal data is processed.

Identify existing supplier contracts that involve the processing of personal data and review the data protection provisions.

Consider the organisation’s approach to risk with existing and new contracts in relation to GDPR compliance. The financial risks posed by the regulation may change the risk profile of data processing contracts, necessitating a different approach and data security breaches.

Carry out adequate due diligence on new suppliers to check their GDPR compliance, obtain guarantees regarding the measures that suppliers have in place and ensure there are rights of audit within the contract together with the other mandated data processing provisions.

Check whether existing insurance policies will cover data protection and security breaches including breaches by suppliers.

Check internal systems to ensure that processes are in place to enable the organisation to satisfy the 72-hour breach notification requirement.

 

USEFUL GDPR LINKS

For more information : https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ OR http://gdprandyou.ie/organisations

Are you ready for GDPR? Make sure you have not forgotten anything thanks to this MCQ.

You can also consult the Irish Data Protection Authority website.

Pixalert can help you to be GDPR compliant by providing software which locates all credit card data and critical data in your network.

 

To assist you on how to get started and what GDPR means to your business, ISME Skillnet have designed GDPR Preparation training sessions called GDPR Essentials for SMEs specifically aimed at SMEs and business owners.

The first session in this series on Thursday, 15th February in the Clayton Hotel, Liffey Valley, Dublin is already booked out.

Additional sessions will take place in:

The Dun Library, Royal College of Physicians, 6 Kildare Street, Dublin on Wednesday 21st February

Clayton Hotel, Silver Springs, Tivoli, Cork on Tuesday, 6th March

Limerick Strand Hotel, Ennis Road, Limerick on Wednesday 7th March

BOOK YOUR PLACE NOW 

5 Steps to Tendering Success

Love me Tender

Many people love Elvis but very few love Tendering!

However, Tendering is a skill and process which should be developed in every organisation. Public and private tender opportunities to win new business emerge every week, so investing time and resources in developing this skill will pay dividends over time. Whether you are creating or responding to Pre-Qualification Questionnaires (PQQs), Invitations To Tender/Bid (ITT/ITB), RFx etc., the advice below will improve your Tender outcomes.

This overview initially sets the context by providing 5 High-Level Steps to Tendering Success, before elaborating further with a dozen Tendering Tips for each tender submission.

 

5 Steps to Tendering Success

 

There are 5 key steps to improving Tendering capabilities and success rates, but unfortunately most companies primarily focus on Step 4, the Tender Submission:

1. Prepare Tender Library – An easy-to-use robust Tender Library will maximise the Return on Investment from your Tender Activity, while presenting an effective and consistent company message across all tenders

2. Target Opportunities – If you are waiting for the Tender to arrive in your Inbox, you are possibly too late. Effective market research will unearth potential customers, decision makers, business needs and contract renewal dates, so schedule sales meetings prior to the Tender to convince them of your capability and value proposition. Consider Tender analytics from the likes of TenderScout.com

3. Qualify Opportunities – Create Go/No Go Bid Criteria for your company to use as a decision support tool to tender, or not. Rigorously qualify each Tender opportunity to focus solely on winnable opportunities. Tendering is expensive, so save time/money by learning to say ‘No’.

4. Tender Submission – Develop the core skills to produce best-in-class tender submissions, with a detailed Tender plan, win strategy, writing and reviewing task-list and submission check-list.

5. Post-Mortem – Tendering is a skill. Improve your strengths and learn from your mistakes over time to continuously improve this skill and Return on Investment. Be sure to solicit, analyse and act upon all feedback (with further details below).

12 Tendering Tips for each Tender Submission

 

1. For each tender, define the bid strategy to position your bid ahead of the competition, exceeding the buyers’ stated and unstated needs. This bid strategy should summarise the proposal in a few keywords, prior to writing the narrative or incorrectly ‘copying & pasting’ from previous submissions.

2. The proposal needs to be about the Buyer, so put their needs at the centre of the Tender document. Explain why your solution is ‘fit for purpose’, with a bespoke response in the buyer’s language. If you do not have a fundamental understanding of the buyer’s detailed requirements, your chances of winning are low. Avoid using generic/brochure material as the basis for your response.

3. Consider collaboration – be open to forming or joining a consortium to submit a collaborative Tender. Consider strategic partners for complex Tenders and undertake the necessary due diligence.

4. Utilise all available market research to determine the purpose of the tender, the decision-making process (especially award criteria), the incumbent’s strengths/weaknesses, the strategic ‘fit’ for your organisation etc.

5. A Tender is a project. Use all available company resources, expertise and tools to manage the project effectively with milestones, deliverables, tasks, owners etc.

6. A winning tender response should read like a good book, taking the evaluator on a compelling journey about your business, and how you are creating and delivering real value to your customers. This includes developing a consistent corporate style (grammar, font, colours etc) so as to construct clear and persuasive tenders and proposals.

7. KISS – Keep it short and simple. Use clear, jargon-free language, writing in easy to understand terms (with a list of abbreviations to assist the non-technical readers). Always assume the tender evaluators know nothing about your company and your solution.

8. Capacity to deliver is the primary risk on the buyer’s mind when awarding new business. Therefore, provide references to practical examples of successfully delivered comparable projects. Do not hold back, and ensure you sell the key skills, expertise and experience which delivered past projects similar to the buyer’s needs (with any lessons learned).

9. Define your unique selling propositions and highlight your key differentiators from the competition. Sell the buyer the uniqueness of your solution and the related benefits to the buyer (operational efficiencies with metrics, savings, payback periods etc.)

10. Consider presenting bids in bespoke tender-specific binders, with easily-navigable tabs and graphic design suited to both your branding and the requirements of the buyer. No matter how persuasive the written content, your document will lose impact without colour / design – every tender opportunity is also a sales opportunity! For example, Armand Hammer, former CEO of Occidental Petroleum, presented his winning bid for oil concessions from Libya in the mid-1960’s, in Arabic, written on a sheepskin parchment, rolled up and tied with ribbons bearing the Libyan national colors of red, green and black. This winning bid generated $200 million for Occidental in the late 1960’s.

11. Proofreading of proposals from start to finish is always a worthwhile task, especially by experts not involved in the project, including professional writers or editors.

12. When undertaking your post-mortem, consider your ‘win strategy’, market research and the effectiveness of your Tendering process. Consider the cost and time budgets, in relation to the value of the Tender. Whatever the outcome, use all available feedback to improve your next Tender.

Any other Tendering tips from the trenches?

Whether you are new to Tendering or have the scars from previous sourcing events, consider Arvo’s unique supports from both sides of the coin, whereby we:

  1. support buyers through every stage of the Strategic Sourcing event.
  2. assist suppliers to prepare, identify, qualify and respond professionally to appropriate bid opportunities.
  3. provide training to buyers and suppliers to maximise their success levels at either side of the Tender Document.

 

Contact us today to discuss how we can maximise the return from your next Tender.

Brexit and your Supply Chain

As you know by now, European President Jean-Claude Juncker had a meeting with British Prime Minister Theresa May last Friday morning to agree a historic deal defining the terms of Britain’s divorce from the EU. If all that was agreed on December 8th comes to pass, the UK has essentially committed to a soft Brexit.

Ireland has done well in Phase 1 of the Brexit negotiations, including preserving the Common Trade Area, protecting the Good Friday Agreement and, crucially, obtaining a guarantee that there will be no hard border. It is now for the European Council to decide today if sufficient progress has been made to allow the negotiations to proceed to Phase 2, which is a significant step forward in the process leading towards UK withdrawal from the EU in March 2019. It is expected that a transition period would last two years ensuring Britain will remain part of the customs union and single market (including being subject to EU law) until 2021.

Thereafter, the risks and unknowns for your business need to be carefully considered. Most proactive businesses have started to document Brexit assumptions within their Brexit action plans, supporting their planning and strategy work. Whether importing directly or indirectly from the UK, the impacts on your operating model, supplier base, cost base and working capital requirements need to be analysed, to understand where the areas of greatest risk are (so as to develop suitable mitigating actions to reduce the impact of Brexit on your business).

 

Specifically focusing on your supply-base and imports, can you answer the following 5 questions to identify risks and resilience steps for your business?

 

  1. What suppliers will impact the business most if they cannot supply you tomorrow?
  2. Do you know what % of your goods and services are coming directly or indirectly from the UK?
  3. Have you researched alternative non-UK suppliers?
  4. Are there contracts, licenses or regulations restricting your global sourcing strategies?
  5. Are you aware of the potential additional costs to import from Europe in terms of hubbing, logistics partners, Minimum Order Quantities plus the impact on cash flow?

 

As Arvo have been participating in Enterprise Ireland’s Brexit Roadshows recently, let us know today how we can help build resilience into your supply chain for Brexit (& other Political, Economic & Technological events that may cause risks for your business in future).

Freight Market Changes

Have your Logistics costs reduced in 2017? Are fuel surcharges reappearing or are you expecting a price increase from your transport provider? It is a fact that diesel prices have increased severely in recent weeks but this 5% increase should not significantly impact your logistics costs as fuel constitutes only 17-32% of your supplier’s total annual vehicle operating costs*.

Does your business depend on the efficient and effective delivery of parcels, boxes, pallets or containers to your clients? If so, have you benchmarked the non-price aspects of the service e.g. quality, innovation and reporting capabilities?

If you are interested in reducing transport costs or increasing quality services, talk to us today, as there are daily changes in the transport sector which will benefit your business in 2018, e.g.:

  1. Automation: Globally, automation is well-established in many distribution centres and is becoming more prevalent in Ireland now too, with a range of robotic solutions offering the ability to introduce automation into DC operations without the need for major structural alterations.
  2. Labor Costs: Have been increasing due to a severe shortage in drivers and rate pressures on ground-staff in most logistics operations. While OPEC play monopoly with global oil supply and prices, a real concern for the transport industry is the impending labor cost increases (while thankfully, Insurance cost increases borne by all over the past few years are not expected to continue).
  3. Consolidation: There has been a raft of mergers, acquisitions and alliances within the global freight industry over the past 5 years, which are turning traditional supply chains upside-down. The increased competition and coopetition is triggering supply efficiencies and price wars, which is flooring global freight rates (and we hope it is sustainable).
  4. Technology: There are very few industries immune to the technical breakthroughs of the last 5 years, and the transport industry is no different, with ground-breaking advances expected to continue via drones, autonomous vehicles, Blockchain, IoT solutions, automation (as above) etc., with customers benefiting from increased efficiencies, reduced risk, improved governance, transparency and service etc.
  5. Customers: The aforementioned technical advances are fuelling customers’ expectations and demands, where same day deliveries are being explored by many retailers. Argos are leading this campaign, with their 2017 Christmas advertising highlighting online orders delivered in as little as four hours through its nationwide Fast Track same-day delivery service.

So will a single trend above or a combination of all impact your supplier and customer deliveries in 2018?

As Arvo have managed Logistics Reviews recently with clients benefiting from commercial savings in the region of 25% – are you interested in such reductions for your business? Contact us today to discuss further.

*FTA’s ‘fuel fractions’ table shows fuel costs as a proportion of total annual vehicle operating costs

http://www.fta.co.uk/policy_and_compliance/fuel_prices_and_economy/fuel_prices/fuel_fractions.html

 
