DPD is committed to the secure and trustworthy treatment of the data you entrust to us. We do everything in our power to comply with statutory data protection regulations. This also applies to compliance with the EU's new General Data Protection Regulation (GDPR). You can download all the important information on this subject here, in particular in relation to the use of our Predict-Service, contract data processing by DPD and why you don't need a contract in accordance with Art. 28 GDPR for the transmission of shipment data to DPD.
As a postal service provider, DPD is a data controller in its own right. The data is processed to provide the postal service. As a rule, this is a direct and purpose-related transfer of the shipper's shipping data to DPD and is not classed as contract processing in accordance with Art. 28 of the GDPR. It is also irrelevant how this transfer to DPD takes place (direct file transfer, myDPD service or Parcel Navigator).
Shippers therefore do not need a processing contract with DPD.
For you as a company, the transfer of data to DPD is necessary for the execution of the delivery within the framework of the customer order and is therefore generally covered and justifiable on the basis of:
6 Para. 1 (a) GDPR (consent) or
6 Para. 1 (b) GDPR (purchase contract) or
6 Para. 1 (c) GDPR (legal requirements, customs law) or
6 Para. 1 (e) GDPR (public interest)
6 Para. 1 (f) GDPR (legitimate interest).
Below we also provide information on the assessment of Predict notifications in the context of the General Data Protection Regulation.