www.bifa.org
Legal Eagle
BIFAlink
GDPR and the BIFA Standard Trading Conditions (STC)
Members have been asking how the General Data Protection Regulation affects BIFA’s STC. However until the legislation’s many complexities are tested in court, there can be no definitive answers
We have received some enquiries concerning the new General Data Protection Regulation (GDPR) legislation and whether there is any impact on the BIFA STC. It has been suggested that an addendum to our STC is required to cover the transfer of personal data outside of the EU when there is no “adequacy decision” from the EU. BIFA Members may have noted that several forwarders have now included lengthy addendums on their websites, but there is no standard wording.
Standard clauses
GDPR does contain some standard clauses to incorporate into longer contracts and there are two sets – one when a party is processing and one where it is controlling the data. The Information Commissioners Office (ICO), the governing body in the UK, recommends use of these un-amended. Of course, forwarders will sometimes be
controlling (when using data for the purposes of making deliveries to an individual or for an individual they will be controller) but when saving that information for tax purposes they will be processing. There are many Data Protection
October 2018
Officers (DPO) and there are also lawyers who are assisting their clients with GDPR. Consequently, there are variations depending on the various views of the advisers. As this is a new law, no one knows whether the courts will enforce any amendments or not, but in case they do the lawyers will be seeking to gain the best advantage for their clients, particularly with regard to liabilities. This is because a UK organisation that is a party to a contract involving personal data may be fined, or in some other way penalised, by the ICO and it may want to pass that liability contractually to its contracting party. If the courts do not enforce such clauses, the liability will remain where it is.
Sub-contracting Another problematic area rife in logistics is wholesale sub-contracting, where you have a forwarder that is in effect a platform for passing on physical contractual responsibilities but takes the paper responsibilities in contract themselves. BIFA has modelled a number of scenarios with the freight forwarder acting as an agent and as a principal, and the roles and responsibilities do not sit well with GDPR.
Until tested in court, every DPO and every lawyer instructed will have their own different views on how to deal with these issues. The simple answer is to protect as best you can in contract, and if a dispute arises and the court does or does not enforce the contract terms because it views them as outside of or complementary to the regulation and either unenforceable or enforceable, we then have case law to assist in drafting contracts. It would be impossible for BIFA to assist members as not only are there the complications we identified when modelling, but also there is the overlay of the mentioned standard clauses when dealing with non-EU countries that do not have similar data protection laws in place.
Complexity
This is a complex piece of legislation that does not really sit well with certain industry models. That said, the TUPE Regulations – The Transfer of Undertakings (Protection of Employment) Regulations 2006 – are often dealt with differently in business-to-business contracts to how they might be in terms of direct responsibility to the authorities, so the standard terms could be “enhanced” in a wider contract, but that would be a matter of negotiation and there would be far too many permutations for anyone to be able to put out some standard terms for forwarders to utilise.
BIFA is grateful to Pysdens Solicitors for its assistance in preparing this article. Pysdens is a BIFA Associate Member.
9
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20
