We're shopping online en masse. All of those parcels end up at our neighbours' houses or are left unguarded at company reception desks. In 2005, this issue inspired CEO Jo Vandebergh to introduce an intelligent home-delivery locker. Today, that home-delivery locker has been replaced by the Bringme Box, a smart in-house post office that lets users receive online orders, return bad buys, and send letters or parcels. You can find the Bringme Boxes all over Europe. They're not only a response to the parcel problem, but also to the GDPR's privacy guidelines.
In 2016, the European General Data Protection Regulation - or GDPR - was approved. Two years later, on 25 May 2018, European companies are required to collect, use, and secure citizens' data in compliance with the GDPR.
Bringme, too, has put in the necessary efforts to be GDPR-compliant. At the same time, it offers its clients a solution to help protect their employees' privacy.
Employees' privacy is up for grabs at the reception desk or in the lobby
A lot of companies are taking draconian measures to comply with the GDPR and to protect their workers' data, but, at the same time, those very same workers' private lives are up for grabs at the reception desk, where visitors and workers can see their colleagues' parcels. Often, parcels are also delivered to the (sometimes unknown) neighbours, against the recipient's wishes.
"Many parcels betray more than you'd think at first blush. Orders such as pregnancy clothing, healthcare products, expensive designer clothes, or alcohol can result in heavy gossiping and give colleagues, neighbours, or random passersby an unwanted glimpse into your private life," explains Jo Vandebergh.
So what's the point of protecting a worker's professional email address from being misused by third parties, if everyone passing by reception can see that very worker's purchasing behaviour and the parcel they ordered from ‘almost-a-mummy.net’? Or the cleanse they bought from ‘liver-and-gall-bladder-detox.com’?
With Bringme, employees' and residents' parcels are delivered straight into the Bringme Box. The recipient is notified discreetly and can pick up the parcel when it suits them. No one else knows parcels were delivered, nor how often parcels are delivered, and certainly not what kind of parcels are delivered. The addressee's privacy is guaranteed throughout the entire chain.
Bringme relieves companies' privacy concerns
"If reception staff register parcels for employees, this entails additional obligations under the GDPR and can even lead to a data breach", Jo Vandebergh explains. According to the GDPR, companies must process files which mention who received what parcel at what time, in the same way they process all other personal data.
Dropping off private parcels at the reception desk or at a neighbour's home also engenders a real risk of violation of the privacy of correspondence: the parcel is not handed over to the final addressee and it will often be accidentally opened by someone else.
By using Bringme, companies organize their processes in such a way that there is no more risk of breaching employees’ privacy when parcels are delivered. In that regard, they meet their obligation to apply privacy by design, meaning companies must design their processes and products in such a manner that the risk of privacy violation is avoided.
Implementation of the GDPR
Bringme also made an effort to fulfill the GDPR obligations and to provide optimum protection for its users' personal data. The GDPR implementation project was a challenging example of cross-departmental collaboration: Legal, ICT, Product/Software, Marketing and HR worked hand in glove to come up with a structural solution. That has given Bringme a 360-degree overview of all personal data which are or can be processed within the organization, permitting it to guarantee users that their personal data are being processed safely and with respect for their privacy.
Content-wise, Bringme had already made a great deal of headway in protecting these personal data before the GDPR. It's now no longer enough for Bringme to “simply” adhere to the principles however; it must also be able to demonstrate that it does so, by means of documents, reports, etc.
Is the GDPR an all-round blessing?
First and foremost, Bringme feels the GDPR will do a better job of protecting the privacy of its users and all EU citizens, and that this is a positive development.
For some aspects, however, the (administrative) scale is tipping too far and the GDPR is not taking the needs of operational management into account. For example, professional contact data (such as a professional email address) are considered in the same fashion as private contact data, resulting in more rigorous consent rules for these data as well (with a required proof of explicit consent), in a way that does not mesh with how trade is done.
It would have been better to create a presumption of consent in a B2B-context, which the addressee could have then individually or generally opted out of. Companies looking to adhere to an all-too-strict privacy orthodoxy for B2B data will not dare to pick up the phone anymore, crippling their prospecting efforts.
Bringme is assuming that the text of the GDPR could never have intended these consequences and, for B2B contacts, it will of course respect the spirit of the GDPR. Bringme will also take the context into account and apply the necessary pragmatism.