GDPR and meaningful data protection in B2C processes

All data protection measures are based on three fundamental goals that have to be met at all costs: data integrity, authenticity and availability. Data integrity means that data in a resource is protected and cannot be changed arbitrarily. It should also be authentic, i.e. error-free. Data availability is required so that authorised users can utilise the data whenever necessary to fill the order. The data is then adequately protected against loss – which sums up the third goal. To meet these goals, freight forwarders should only collect the data they need to do their job. For example, they only need the email address or the mobile phone number for (automatic) notification; one correct contact method is more than sufficient. To be allowed to store this data, freight forwarders also need the customer's permission, which remains valid until revoked. The data may only be processed in an access-protected system. Any data transfers or transports must be encrypted – i.e. the data can only be sent over encrypted connections using a protocol such as HTTPS or FTPS. In addition, the freight forwarder's premises and buildings should be secured.

All employees who handle personal data should be regularly educated on data protection. After all, their day-to-day actions are what determines compliance with data protection. For example, documents for transport trips must be distributed in such a way that the addresses can only be accessed by the actual drivers. This can be done using an access-restricted app or a locked pickup box. When making a delivery, local transport drivers must take care not to leave any customer data where it could be seen from the outside of the vehicle. This applies both to addresses displayed in an app and to classic waybills, which must not be visible from outside. If customers have included their phone number and agreed to receive a call, drivers are allowed to give notifications by phone prior to delivery from the truck. Obviously, ringing the door bell is also permitted once drivers reach the address. After the delivery is made, customers are obliged to provide a signature as proof of delivery – handwritten or digital.

Once a delivery has been made and the invoice issued, the freight forwarder is still required to retain the data. This is done for liability reasons and because online merchants, being the logistics providers' customers, are entitled to a warranty by law. The most important reason, however, is that tax law requires data to be retained for an extended period of time. This means that recipients cannot request erasure of their data until the statutory retention obligation has expired. The law clearly states what data has to be deleted, and when: after three years, email addresses and phone numbers have to be deleted. Freight forwarders are required to be able to present this information with the proof of delivery during that period. After six years, billing documents, names and addresses also have to be deleted from the filing cabinets or digital archives. During this time, data owners can only request that logistics providers block individual data being used for purposes unrelated to the order itself. Recipients may exercise their right of access to the stored data and their right to data rectification at any time. The subsequent mandatory erasure of this data has to follow specific rules:  data media has to be put through a level H-3 hard disk shredder (deformation: bending or piercing). Files go through a paper shredding process that conforms to the level P-3 requirements set out in DIN 66399 (strips with a maximum width of 2 mm or particles with a maximum size of 320 mm²).