Securing the supply chain

One of the biggest problems faced by many businesses is the control of data.

With the increasing move towards digitisation, an ever-growing amount of intellectual property, personal data and other sensitive corporate information is residing on IT platforms. Platforms, that in many cases, are not even under direct control of the data owners themselves, but maybe third-party data centres or stored in the cloud with vendors providing software as a service (SaaS).

There is a natural counter to this data privacy concern that requires much of this sensitive information to be available to multiple separate companies. Few companies can exist in perfect isolation without some data exchange with other entities and as more organisations move toward digitisation, even the lest interconnected may still have dealings with their suppliers or government agencies. However, many businesses have a range of other companies they swap data with, for example for the purpose of sales.

A logistics supply chain is a perfect example of this.

Consider a vendor selling their wares via an ecommerce platform. There could easily be four separate companies involved in this chain, the ecommerce platform itself (e.g. Amazon), the actual seller themselves whose products are listed, the fulfilment company (e.g. Bray Solutions) and the courier company delivering the item (e.g. DPD). In this chain, at the end of a successful purchase by a customer via a portal such as Amazon, all companies involved will know some or all the details of the transaction. 

Most recently, the UK Data Protection Act of 2018 (which was the UK interpretation of the European General Data Protection Regulation, GDPR) forced companies to take a look at what data they hold, where that data goes and what is happening with that data. Therefore, each company in that chain has a responsibility to handle the customer’s data with an appropriate consideration towards security. This data includes not only names and addresses, but purchase information as many items may be of a sensitive or intimate nature.

Internally, you must of course take appropriate steps to secure your data that falls under the auspices of GDPR. The regulations around GDPR are themselves both broad in scope and quite thorough in detail and so need careful interpretation on a company-by-company basis. However, within the supply chain model, certain data packets will move between companies and so their protection falls outside of the scope of just one company, so a cohesive end-to-end model needs to be considered. 

How we keep our clients and their customers safe.

Bray Solutions understands that customer data integrity is of paramount importance to our clients and as such, protect that data both internally and via our courier partners in a few ways. Our own internal systems protections conform to best practices; but by partnering with established, responsible couriers such as DPD and DHL, we know that customers’ data is being protected downstream from us as well. 

Anyone considering moving to a distributed service, ecommerce model utilising many companies, should consult with any shortlisted company and examine not only their internal security provisions but, just as importantly, those of any entity partnered with that organisation. This ensures confidence in the integrity of the data as it moved between nodes in the chain both for you as the vendor, but also for your customers.