GDPR – 6 Key Facts Appliance Manufacturers and Retailers Should Know [infographic]

Here’s how new GDPR legislation will affect your supply chain logistics

On 27 April 2016, the European Union passed Regulation (EU) 2016/679 – also known as the General Data Protection Regulation (GDPR).

And on 27 April 2017, Germany adopted it – well ahead of the 25 May 2018 deadline – with other European countries set to follow. By that date, GDPR will be fully enforceable – and will affect all products and services that collect the user data of EU citizens and residents.

Put simply, GDPR will require:

  • Subjects’ consent for data capture and processing
  • Collected data to be anonymised
  • Timely notification of data security breaches to the proper authorities
  • Secure and proper handling of data transfer across borders
  • General safeguarding of collected data

At nearly 55,000 words in length, the full legislation document is extensive. So here are the key fundamentals that UK electrical appliance manufacturers and retailers should be aware of:

1. GDPR applies to ANY device or service that collects user data

Since the dawn of the Internet of Things, a whole host of devices have collected and transmitted user data. Not just the obvious appliances like smart TVs but also wireless speakers, smart fridges, security cameras and even toasters.

All of these devices retain data – and the new laws must be considered in any product or service “by design.” Essentially, it means appliance manufacturers may now incur additional development costs in order to ensure the finished product adheres to (EU) 2016/679.

2. Data collection must be limited to what is necessary

GDPR specifies that the type and volume of data collected on users should be restricted to only what is necessary. Collecting any data beyond this will require the vendor or supplier to gain permission from users via opt-in.

Any data sent wirelessly – for example, via Wi-Fi between devices – will also need to be encrypted.

3. User data must be accessible and portable

The new GDPR rules will ensure technology users are entitled to, in essence, carry their data around with them. So when an EU resident moves from one service provider to another, any data collected on them must be made available. In order to facilitate the effective transfer of that data, the regulation requires it to be saved in an accessible and widely compatible format – like a CSV file.

4. The rules don’t just apply to Europe

(EU) 2016/679 applies not only to companies trading in Europe, but also to any company collecting the data of EU citizens and residents. According to the European Union website: “It (GDPR) will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.”

The GDPR rules also require companies to immediately disclose any data breach to European regulators. Again, this applies no matter where the company is located as long as the data collected is on European citizens or residents. Penalties begin at €20 million, and could cost the offending company 4% of its global revenue if the maximum fine is applied.

The UK’s upcoming exit from the European Union will also have no bearing as (EU) 2016/679 will be ported into UK legislation.

5. There will be no grace period

Unlike with European directives, there is no need for individual countries to pass laws to make GDPR enforceable. So on 25 May 2018, Regulation (EU) 2016/679 will be in full effect.

There will be no grace period, meaning fines and penalties can be incurred and issued straight away.

6. Returned goods will need to be wiped

In order to comply with regulation (EU) 2016/679, any returned item that stores user data will require wiping as part of the return-to-sale process.

Servicecare holds Blancco certification – the de facto global standard in certified data erasure. And thanks to our recently expanded data wiping facility, Servicecare can ensure all data is removed as part of the reconditioning process.

For more information on ensuring return-to-market goods comply with (EU) 2016/679, call 0161 688 1537.
